PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability - CVE-2007-1381 - Vulnerability Database

High
Reference: CVE-2007-1381
Title: PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
Overview:

The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments. This allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.