Description
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2020-2969 Vulnerability (CVE-2020-2969)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2246)
Apache Tomcat Credentials Management Errors Vulnerability (CVE-2009-3548)
Oracle JRE CVE-2017-10355 Vulnerability (CVE-2017-10355)
WordPress Plugin Simple Share Buttons Adder Multiple Vulnerabilities (4.4)