Buffer overflow in htmlentities()

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Post by Ambush Commander »

Fixed by PHP 5.2.0, but unfixed in the other versions. And you know how long it takes for webhosts to upgrade.

- http://www.hardened-php.net/advisory_132006.138.html
- http://secunia.com/advisories/22653/
- http://sla.ckers.org/forum/read.php?13,2396

Holy crap!

Post by nickvd »

Oh this is just great...

Or... Will it (hopefully) cause (force) hosts to upgrade to 5.2?

Post by alex.barylski »

They have to be aware of it first...then accept it's a critical flaw before most fix anything :P