OSVDB ID: 32769

Title: PHP Zend Engine Variable Destruction Deep Recursion Overflow

Info

Disclosure
Mar 01, 2007

Discovery
Unknown

Dates

Exploit
Mar 01, 2007

Solution
Unknown

Description

 Zend Engine I in PHP 4.4.6 and lower, and Zend Engine II in PHP versions 5.2.1 and lower, contain flaws that may allow a remote denial of service. The issue is due to the application not enforcing sanity checks for the depth of nested arrays which allows a remote user to create very deeply nested array structures. Since the destruction of PHP arrays is done in a recursive way, the attempted destruction of the user's deeply nested array will result in a crash when the stack limit is exhausted, leading to a loss of availability for the service.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

 Upgrade to version 4.4.8, 5.2.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Configure your web application firewall to drop high amounts of '[' in variable names.

Products

The PHP Group

PHP

 4.0 Beta 1
4.0 Beta 2
4.0 Beta 3
4.0 Beta 4
4.0, Release Candidate 1
4.0, Release Candidate 2
4.0.x
4.1.x
4.2.x
4.3.x
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
5.0 Release Candidate 3
5.0 Release Candidate 2
5.0 Release Candidate 1
5.0 Beta 4
5.0 Beta 3
5.0 Beta 2
5.0 Beta 1
5.0.x
5.1.x
5.2.0
5.2.1

References

Credit
  • Stefan Esser - sesserhardened-php.net - www.hardened-php.net


Direct URL: http://osvdb.org/32769