Incorrect Calculation of Buffer Size
CVE-2008-0599
Summary
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-131 - Incorrect Calculation of Buffer Size
The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
References
Advisory Timeline
- Published