FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- corruption of $GLOBALS and $this variables via extract() method

Affected packages
php5 < 5.3.4
php52 < 5.2.15

Details

VuXML ID f3148a05-0fa7-11e0-becc-0022156e8794
Discovery 2010-12-10
Entry 2011-01-13

An off-by-one error in the sanity validator of the extract() function allowed attackers to replace the values of $GLOBALS and $this when the EXTR_OVERWRITE mode was used.
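The following C sketch is an added illustration, not PHP's source code and not part of the VuXML entry. It models one way an off-by-one in a reserved-name check lets `GLOBALS` and `this` through, assuming the length is compared against `sizeof` of the literal (which counts the terminating NUL); all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a reserved-name guard; not PHP's source code.
 * name_len is the key length without the terminating NUL. */

/* Off-by-one: sizeof("GLOBALS") is 8 because it counts the NUL,
 * so the 7-byte key "GLOBALS" never satisfies the length test. */
static int is_reserved_buggy(const char *name, size_t name_len)
{
    if (name_len == sizeof("GLOBALS") && strcmp(name, "GLOBALS") == 0)
        return 1;
    if (name_len == sizeof("this") && strcmp(name, "this") == 0)
        return 1;
    return 0;
}

/* Corrected: compare against the string length, sizeof(literal) - 1. */
static int is_reserved_fixed(const char *name, size_t name_len)
{
    if (name_len == sizeof("GLOBALS") - 1 &&
        memcmp(name, "GLOBALS", name_len) == 0)
        return 1;
    if (name_len == sizeof("this") - 1 &&
        memcmp(name, "this", name_len) == 0)
        return 1;
    return 0;
}

typedef int (*guard_fn)(const char *, size_t);

/* Models the overwrite decision: 1 if the key may replace an
 * existing variable, 0 if the guard refuses it. */
static int overwrite_allowed(guard_fn is_reserved, const char *key)
{
    return !is_reserved(key, strlen(key));
}

int main(void)
{
    /* Constructed sample keys, as they might arrive in an input array. */
    const char *keys[] = { "GLOBALS", "this", "user", "GLOBAL" };
    for (size_t i = 0; i < sizeof(keys) / sizeof(keys[0]); i++)
        printf("%-8s buggy=%d fixed=%d\n", keys[i],
               overwrite_allowed(is_reserved_buggy, keys[i]),
               overwrite_allowed(is_reserved_fixed, keys[i]));
    return 0;
}
```

With the buggy guard both reserved names are treated as ordinary keys; the corrected guard refuses them while still accepting near-misses such as `GLOBAL`.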

References

URL http://www.mail-archive.com/php-cvs@lists.php.net/msg47722.html
URL http://www.php.net/releases/5_2_15.php