PHP Null Pointer Dereference in zend_strndup() Lets Local Users Deny Service
PHP Version(s): 5.3.8
A vulnerability was reported in PHP. A local user can cause denial of service conditions.
The software makes calls to the zend_strndup() function without checking the returned values. A local user can run specially crafted PHP code to trigger a null pointer dereference in zend_strndup() and cause the target service to crash.
The oci8 extension is affected. Other extensions are affected.
For more information, PHP Downloads