| Name | CVE-2008-3659 |
| Description | Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible. |
| Source | CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more) |
| References | DSA-1647-1 |
| NVD severity | medium (attack range: remote) |
| Debian/oldstable | not vulnerable. |
| Debian/stable | not vulnerable. |
| Debian/testing | not vulnerable. |
| Debian/unstable | not vulnerable. |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| php5 (PTS) | squeeze (security), squeeze | 5.3.3-7+squeeze19 | fixed |
| squeeze (lts) | 5.3.3-7+squeeze25 | fixed |
| wheezy | 5.4.36-0+deb7u1 | fixed |
| wheezy (security) | 5.4.36-0+deb7u3 | fixed |
| jessie | 5.6.5+dfsg-2 | fixed |
| sid | 5.6.6+dfsg-2 | fixed |
The information above is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| php4 | source | (unstable) | (unfixed) | medium | | |
| php5 | source | (unstable) | 5.2.6-4 | medium | | |
| php5 | source | etch | 5.2.0-8+etch13 | medium | DSA-1647-1 | |
Notes
php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
(From upstream's ext/standard/tests/strings/explode_bug.phpt)
could not reproduce locally
fix in pkg-php svn for both etch and sid