MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage Vulnerability

May 7th, 2010

PHP’s sqlite_single_query() function uses uninitialized memory when it is called with an empty SQL query. This can lead to arbitrary code execution.

Affected versions

Affected is PHP 5.2 up to and including 5.2.13
Affected is PHP 5.3 up to and including 5.3.2

Credits

The vulnerability was discovered by Mateusz Kocielski with his Minerva PHP Fuzzer.

Detailed information

For more information see the Vulnerability chapter of the submitted article.

Proof of concept, exploit or instructions to reproduce

For more information see the Exploitation chapter of the submitted article.

Notes

It is recommended to fix this vulnerability by allocating the affected memory with ecalloc() instead of emalloc(), so that the memory is zeroed before it is used.
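The following is an added illustration of the bug class and of why the recommended fix works; it is constructed example code, not PHP's sqlite_single_query() implementation, and the structure, function names and the fake_emalloc()/fake_ecalloc() stand-ins are assumptions. A result structure is only written inside a loop over the query text, so an empty query leaves its fields holding whatever the allocator returned. The emalloc() stand-in fills fresh memory with a recognisable garbage pattern (as a recycled heap chunk might look in practice), while the ecalloc() stand-in zeroes it, so the consumer sees a well-defined "no columns" result instead of garbage.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed example (not PHP's code): a result record whose fields are
 * only set while there is query text to process.
 */
typedef struct {
    size_t ncols;       /* number of columns found in the query */
    const char *first;  /* pointer at the first column token, if any */
} result_t;

/* Stand-in for emalloc(): returns memory filled with a garbage pattern so the
 * effect of an unset field is visible and deterministic in this example. */
static void *fake_emalloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xA5, n);
    return p;
}

/* Stand-in for ecalloc(): memory is zeroed before it is handed back. */
static void *fake_ecalloc(size_t count, size_t size) {
    return calloc(count, size);
}

/* Shared "query processing": walks comma-separated tokens and records them.
 * With an empty query the loop body never runs and nothing is written. */
static void fill_result(result_t *r, const char *query) {
    size_t n = 0;
    for (const char *tok = query; *tok; ) {
        const char *end = strchr(tok, ',');
        if (n == 0) r->first = tok;
        n++;
        r->ncols = n;
        if (!end) break;
        tok = end + 1;
    }
}

/* Vulnerable pattern: an empty query leaves ncols and first uninitialised. */
static result_t *result_from_query_emalloc(const char *query) {
    result_t *r = fake_emalloc(sizeof *r);
    if (!r) return NULL;
    fill_result(r, query);
    return r;
}

/* Fixed pattern, as the advisory recommends: zeroed allocation, so an empty
 * query yields ncols == 0 and first == NULL. */
static result_t *result_from_query_ecalloc(const char *query) {
    result_t *r = fake_ecalloc(1, sizeof *r);
    if (!r) return NULL;
    fill_result(r, query);
    return r;
}

/* What a consumer of the result would believe the column count to be. */
static size_t reported_ncols(result_t *(*make)(const char *), const char *q) {
    result_t *r = make(q);
    size_t n = r ? r->ncols : 0;
    free(r);
    return n;
}

int main(void) {
    printf("emalloc, empty query : ncols = %zu\n",
           reported_ncols(result_from_query_emalloc, ""));
    printf("ecalloc, empty query : ncols = %zu\n",
           reported_ncols(result_from_query_ecalloc, ""));
    printf("ecalloc, 'a,b'       : ncols = %zu\n",
           reported_ncols(result_from_query_ecalloc, "a,b"));
    return 0;
}
```

The only difference between the two constructors is the allocation call; the processing loop is identical. That is the shape of the recommended fix: rather than auditing every code path that might skip the initialisation, the allocation itself guarantees a clean record, which is why ecalloc() is the safer default for structures whose fields are conditionally populated.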



