PROBLEM:
PHP Null Pointer Dereference in zend_strndup() Lets Local Users Deny Service
PLATFORM:
PHP Version(s): 5.3.8
ABSTRACT:
A vulnerability was reported in PHP. A local user can cause denial of service conditions.
referenceĀ LINKS:
PHP Advisory
SecurityTracker Alert ID: 1026524
PHP.net Guide
iMPACT ASSESSMENT:
Medium
Discussion:
The software makes calls to the zend_strndup() function without checking the returned values. A local user can run specially crafted PHP code to trigger a null pointer dereference in zend_strndup() and cause the target service to crash.
Impact:
The oci8 extension is affected. Other extensions are affected.
Solution:
For more information, PHP Downloads