PMASA-2007-3

Announcement-ID: PMASA-2007-3

Date: 2007-03-02

Summary

PHP Executor Deep Recursion Stack Overflow

Description

Stefan Esser from the Hardened-PHP Project is publishing the Month of PHP Bugs. One of these PHP bugs can be triggered by phpMyAdmin which uses a recursive function in its normal operation.

Severity

We consider this vulnerability to be serious.

Affected Versions

All versions prior to 2.10.0.2.

Solution

Upgrade to phpMyAdmin 2.10.0.2 or newer. Note that upgrading phpMyAdmin does not protect a server against an attacker that targets other vulnerable PHP applications.

References

http://www.php-security.org/MOPB/MOPB-02-2007.html

Assigned CVE ids: CVE-2007-1325

CWE ids: CWE-661 CWE-674

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Announcements