Vigil@nce: PHP, memory reading via mb_strcut
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit a PHP application that calls the mb_strcut()
function in order to read a memory fragment.
– Severity: 1/4
– Creation date: 08/11/2010
DESCRIPTION OF THE VULNERABILITY
The mb_strcut() function, which relies on libmbfl, extracts a
substring from a string that uses a multi-byte encoding:
mb_strcut(string, start, length);
However, if the start position falls inside a multi-byte character,
the mb_strcut() function reads past the end of the string.
An attacker can therefore exploit a PHP application that calls the
mb_strcut() function in order to read a memory fragment.
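The boundary handling at issue, as an added example that is not part of the bulletin and is not libmbfl's code: a byte-oriented cut that moves a mid-character start back to the character's first byte and clamps the end to the buffer before copying. UTF-8 input and the helper names safe_strcut and align_back are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True for a UTF-8 continuation byte (10xxxxxx). */
static int is_cont(unsigned char c) { return (c & 0xC0) == 0x80; }

/* Move pos back to the first byte of the character containing it.
   Never goes below 0; any pos at or past the end is returned as len. */
static size_t align_back(const unsigned char *s, size_t len, size_t pos)
{
    if (pos >= len) return len;
    while (pos > 0 && is_cont(s[pos])) pos--;
    return pos;
}

/* Hypothetical helper: copy at most `length` bytes starting at byte
   offset `start`, never reading outside s[0..len) and never splitting
   a character. Returns bytes written (without the NUL), or (size_t)-1
   if out is too small. */
size_t safe_strcut(const unsigned char *s, size_t len, size_t start,
                   size_t length, unsigned char *out, size_t out_size)
{
    size_t from, to, n;
    if (out_size == 0) return (size_t)-1;
    from = align_back(s, len, start);
    /* Clamp the end first, so from + length can neither overflow
       nor pass the end of the buffer. */
    to = (length > len - from) ? len : from + length;
    to = align_back(s, len, to);
    n = to - from;
    if (n >= out_size) return (size_t)-1;
    memcpy(out, s + from, n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: "a", U+00E9, U+20AC, "b" in UTF-8 (7 bytes). */
    const unsigned char s[] = "a\xC3\xA9\xE2\x82\xAC" "b";
    unsigned char out[16];
    /* start=2 falls inside U+00E9, so the cut begins at byte 1. */
    size_t n = safe_strcut(s, 7, 2, 4, out, sizeof out);
    printf("%zu bytes copied\n", n);
    return 0;
}
```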
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-memory-reading-via-mb-strcut-10112