| Name | CVE-2008-3659 |
| Description | Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more) |
| References | DSA-1647-1 |
| NVD severity | medium (attack range: remote) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| php5 (PTS) | wheezy | 5.4.45-0+deb7u2 | fixed |
| wheezy (security) | 5.4.45-0+deb7u5 | fixed |
| jessie (security), jessie | 5.6.24+dfsg-0+deb8u1 | fixed |
| sid | 5.6.26+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| php4 | source | (unstable) | (unfixed) | medium | | |
| php5 | source | (unstable) | 5.2.6-4 | medium | | |
| php5 | source | etch | 5.2.0-8+etch13 | medium | DSA-1647-1 | |
Notes
php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
(From upstream's ext/standard/tests/strings/explode_bug.phpt)
could not reproduce locally
fix in pkg-php svn for both etch and sid