Vigil@nce: PHP, integer overflow via getSymbol
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can create a denial of service or execute code in PHP
applications using NumberFormatter::getSymbol() or
numfmt_get_symbol().
– Severity: 2/4
– Creation date: 07/12/2010
– Revision date: 08/12/2010
DESCRIPTION OF THE VULNERABILITY
The NumberFormatter::getSymbol() and numfmt_get_symbol() functions
format numbers depending on the locale (language/country).
However, these functions do not correctly check values before
formatting them. Special values (2147483648, -2147483648, -1,
4294901761) create integer overflows. They lead to denials of
service and possibly to code execution.
An attacker can therefore create a denial of service or execute
code in PHP applications using NumberFormatter::getSymbol() or
numfmt_get_symbol().
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-integer-overflow-via-getSymbol-10181