the Month of PHP Security

A use-after-free vulnerability was discovered in the deserialization of SPLObjectStorage objects that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.
(more…)

PHP’s default sesson serializer wrongly handles the PS_UNDEF_MARKER character
(more…)

PHP’s php_mysqlnd_auth_write() does not check user supplied values which can result in a stack based buffer overflow.
(more…)

PHP’s php_mysqlnd_read_error_from_line() trusts network data which can result in a heap based buffer overflow.
(more…)

PHP’s php_mysqlnd_rset_header_read() trusts network data which can result in a heap based buffer overflow.
(more…)

PHP’s php_mysqlnd_ok_read() trusts network data which can result in a heap information leak.
(more…)

PHP’s ArrayObject::uasort() method can be interrupted and used for memory corruption attacks.
(more…)

PHP’s ZEND_CONCAT/ZEND_ASSIGN_CONCAT opcodes can be abused for information leakage or memory corruption by a userspace error handler interruption attack. This can be leveraged to execute arbitrary code.
(more…)

PHP’s ZEND_FETCH_RW opcode can be abused for information leakage by a userspace error handler interruption attack.
(more…)

PHP’s pack() function can be interrupted and used for information leakage due to call time pass by reference.
(more…)