Home/ Questions/Q 8359463
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T11:09:05+00:00

Possible Duplicate: How to conduct buffer overflow in PHP/Python? I was reading this tutorial

  • 0

Possible Duplicate:
How to conduct buffer overflow in PHP/Python?

I was reading this tutorial, when I came into this:

A buffer overflow attack seeks to overflow the memory allocation buffer inside your PHP application or, more seriously, in Apache or the underlying operating system. Remember that you may be using a high-level language like PHP to code your Web applications, but at the end of the day, you’re calling C (in the case of Apache) to do work. And C, like most low-level languages, has strict rules about allocation of memory..

What? I knew that PHP was well error-checked and so buffer overflow wasn’t possible. Should I check user input length to avoid too big data flow?
Thank you very much

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes it is and in the current change log there has been 15 bug fixes related to it:

    • Fixed bug #61807 Buffer Overflow in apache_request_headers, CVE-2012-2329.
    • Fixed buffer overflow on overlog salt in crypt(). (Clément LECIGNE, Stas
    • Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false).
    • Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938) Found by Mateusz Kocielski, Marek Kroemeke and Filip Palian. (Felipe)
    • Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. (Andrey)
    • Fixed possible buffer overflows when handling error packets in mysqlnd. Reported by Stefan Esser. (Andrey)
    • Fixed a possible dechunking filter buffer overflow. Reported by Stefan Esser. (Pierre)
    • Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) (Dmitry)
    • Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin)
    • Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions.
      Reported by Laurent Gaffie.
    • Fixed bug #42222 (possible buffer overflow in php_openssl_make_REQ). (Pierre)
    • Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (Ilia)
    • Fixed a buffer overflow inside user_filter_factory_create(). (Ilia)
    • Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (Stas)
    • 0