PHP Incorrect Calculation of Buffer Size Vulnerability - CVE-2008-0599 - Vulnerability Database

PHP Incorrect Calculation of Buffer Size Vulnerability - CVE-2008-0599

Critical

Reference: CVE-2008-0599

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2008-0599

Title: PHP Incorrect Calculation of Buffer Size Vulnerability

Overview:

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED which might allow remote attackers to execute arbitrary code via a crafted URI.