SECUNIA ADVISORY ID: SA22653
VERIFY ADVISORY: http://secunia.com/advisories/22653/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE: >From remote
SOFTWARE:
PHP 4.0.x - http://secunia.com/product/1655/
PHP 4.1.x - http://secunia.com/product/1654/
PHP 4.2.x - http://secunia.com/product/105/
PHP 4.3.x - http://secunia.com/product/922/
PHP 4.4.x - http://secunia.com/product/5768/
PHP 5.0.x - http://secunia.com/product/3919/
PHP 5.1.x - http://secunia.com/product/6796/
DESCRIPTION: Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause buffer overflows by passing specially crafted data to the affected application. Successful exploitation may allow execution of arbitrary code.
SOLUTION: Fixes are available in the CVS repository.
PROVIDED AND/OR DISCOVERED BY: Stefan Esser
ORIGINAL ADVISORY: http://www.ubuntu.com/usn/usn-375-1
PHP *htmlentities()* and *htmlspecialchars()* Buffer OverflowsPosted on Thursday, November 02, 2006 @ 14:20:49 CST in Security Associated Topics
  |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
