Description
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
Remediation
References
Related Vulnerabilities
Apache Tomcat Other Vulnerability (CVE-2003-0866)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15732)
WordPress Plugin Twitget Cross-Site Request Forgery (3.3.2)
WordPress CVE-2014-5203 Vulnerability (CVE-2014-5203)
XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-29517)