Description
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
Remediation
References