![[论文笔记]弱监督条件下基于相似性条件学习的服饰搭配生成-一一网](https://www.proyy.com/wp-content/uploads/2024/10/load.gif )
漏洞信息详情
PHP chunk_split()函数整数溢出漏洞
- CNNVD编号:CNNVD-200706-009
- 危害等级: 中危
![图片[1]-PHP chunk_split()函数整数溢出漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-11/30f462579bec41fc25e0b1d57503e6d6.png)
- CVE编号:
CVE-2007-2872
- 漏洞类型:
数字错误
- 发布时间:
2002-02-03
- 威胁类型:
远程
- 更新时间:
2009-09-16
- 厂 商:
php - 漏洞来源:
Gerhard Wagner -
漏洞简介
PHP是一种流行的WEB服务器端编程语言。
PHP中的chunk_split函数在处理畸形参数时存在整数溢出漏洞,本地攻击者可能利用此漏洞提升自己的权限。
PHP中chunk_split函数的1963行试图为函数结果分配充分的内存大小,但没有执行任何检查便使用了srclen和chunklen参数块。如果值的块和endlen大于65534字节的话,就会触发整数溢出,分配错误的内存大小,导致堆溢出。
ext/standard/string.c:
1953 static char *php_chunk_split(char *src, int srclen, char *end,
int endlen, int chunklen, int *destlen)
1954 {
1955 char *dest;
1956 char *p, *q;
1957 int chunks; /* complete chunks! */
1958 int restlen;
1959
1960 chunks = srclen / chunklen;
1961 restlen = srclen – chunks * chunklen; /* srclen \\% chunklen */
1962
1963 dest = safe_emalloc((srclen + (chunks + 1) * endlen + 1),
sizeof(char), 0);
1964
1965 for (p = src, q = dest; p < (src + srclen – chunklen + 1); ) {
1966 memcpy(q, p, chunklen);
1967 q += chunklen;
1968 memcpy(q, end, endlen);
1969 q += endlen;
1970 p += chunklen;
1971 }
参考网址
来源: www.php.net/releases
链接:http://www.php.net/releases/5_2_3.php
来源: FEDORA
名称: FEDORA-2007-2215
链接:https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
来源: FEDORA
名称: FEDORA-2007-709
链接:https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
来源: launchpad.net
链接:https://launchpad.net/bugs/173043
来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-1702
来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-1693
来源: XF
名称: php-chunksplit-security-bypass(39398)
链接:http://xforce.iss.net/xforce/xfdb/39398
来源: VUPEN
名称: ADV-2008-0059
链接:http://www.vupen.com/english/advisories/2008/0059
来源: UBUNTU
名称: USN-549-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-549-1
来源: UBUNTU
名称: USN-549-2
链接:http://www.ubuntu.com/usn/usn-549-2
来源: TRUSTIX
名称: 2007-0023
链接:http://www.trustix.org/errata/2007/0023/
来源: SECTRACK
名称: 1018186
链接:http://www.securitytracker.com/id?1018186
来源: BID
名称: 24261
链接:http://www.securityfocus.com/bid/24261
来源: HP
名称: HPSBUX02332
链接:http://www.securityfocus.com/archive/1/archive/1/491693/100/0/threaded
来源: BUGTRAQ
名称: 20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow
链接:http://www.securityfocus.com/archive/1/archive/1/470244/100/0/threaded
来源: MISC
链接:http://www.sec-consult.com/291.html
来源: REDHAT
名称: RHSA-2007:0891
链接:http://www.redhat.com/support/errata/RHSA-2007-0891.html
来源: REDHAT
名称: RHSA-2007:0890
链接:http://www.redhat.com/support/errata/RHSA-2007-0890.html
来源: REDHAT
名称: RHSA-2007:0888
链接:http://www.redhat.com/support/errata/RHSA-2007-0888.html
来源: www.php.net
链接:http://www.php.net/releases/4_4_8.php
来源: www.php.net
链接:http://www.php.net/ChangeLog-4.php
来源: OPENPKG
名称: OpenPKG-SA-2007.020
链接:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
来源: MANDRIVA
名称: MDKSA-2007:187
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
来源: GENTOO
名称: GLSA-200710-02
链接:http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
来源: VUPEN
名称: ADV-2007-3386
链接:http://www.frsirt.com/english/advisories/2007/3386
来源: VUPEN
名称: ADV-2007-2061
链接:http://www.frsirt.com/english/advisories/2007/2061
来源: support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
来源: SLACKWARE
名称: SSA:2007-152-01
链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
来源: SECUNIA
名称: 28318
链接:http://secunia.com/advisories/28318
来源: SECUNIA
名称: 27864
链接:http://secunia.com/advisories/27864
来源: SECUNIA
名称: 27545
链接:http://secunia.com/advisories/27545
来源: SECUNIA
名称: 27377
链接:http://secunia.com/advisories/27377
来源: SECUNIA
名称: 27351
链接:http://secunia.com/advisories/27351
来源: SECUNIA
名称: 27110
链接:http://secunia.com/advisories/27110
来源: SECUNIA
名称: 27102
链接:http://secunia.com/advisories/27102
来源: SECUNIA
名称: 27037
链接:http://secunia.com/advisories/27037
来源: SECUNIA
名称: 26967
链接:http://secunia.com/advisories/26967
来源: SECUNIA
名称: 26930
链接:http://secunia.com/advisories/26930
来源: SECUNIA
名称: 26895
链接:http://secunia.com/advisories/26895
来源: SECUNIA
名称: 26871
链接:http://secunia.com/advisories/26871
来源: SECUNIA
名称: 26838
链接:http://secunia.com/advisories/26838
来源: SECUNIA
名称: 26231
链接:http://secunia.com/advisories/26231
来源: SECUNIA
名称: 26048
链接:http://secunia.com/advisories/26048
来源: SECUNIA
名称: 25535
链接:http://secunia.com/advisories/25535
来源: SECUNIA
名称: 25456
链接:http://secunia.com/advisories/25456
来源: REDHAT
名称: RHSA-2007:0889
链接:http://rhn.redhat.com/errata/RHSA-2007-0889.html
来源: SUSE
名称: SUSE-SA:2007:044
链接:http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
来源: HP
名称: HPSBUX02308
链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
来源: HP
名称: SSRT080010
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
