CVE-2008-5557
CRITICAL
10.0
CVSS Severity Score
Vulnerability Description
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
Affected Platforms (CPE)
π¦
Php
Php
= 4.3.0π¦
Php
Php
= 4.3.1π¦
Php
Php
= 4.3.2π¦
Php
Php
= 4.3.3π¦
Php
Php
= 4.3.4π¦
Php
Php
= 4.3.5π¦
Php
Php
= 4.3.6π¦
Php
Php
= 4.3.7π¦
Php
Php
= 4.3.8π¦
Php
Php
= 4.3.9π¦
Php
Php
= 4.3.10π¦
Php
Php
= 4.3.11π¦
Php
Php
= 4.4.0π¦
Php
Php
= 4.4.1π¦
Php
Php
= 4.4.2π¦
Php
Php
= 4.4.3π¦
Php
Php
= 4.4.4π¦
Php
Php
= 4.4.5π¦
Php
Php
= 4.4.6π¦
Php
Php
= 4.4.7π¦
Php
Php
= 4.4.8π¦
Php
Php
= 4.4.9π¦
Php
Php
= 5.0.0π¦
Php
Php
= 5.0.0π¦
Php
Php
= 5.0.0π¦
Php
Php
= 5.0.0π¦
Php
Php
= 5.0.0π¦
Php
Php
= 5.0.0π¦
Php
Php
= 5.0.0π¦
Php
Php
= 5.0.0π¦
Php
Php
= 5.0.1π¦
Php
Php
= 5.0.2π¦
Php
Php
= 5.0.3π¦
Php
Php
= 5.0.4π¦
Php
Php
= 5.0.5π¦
Php
Php
= 5.1.0π¦
Php
Php
= 5.1.1π¦
Php
Php
= 5.1.2π¦
Php
Php
= 5.1.3π¦
Php
Php
= 5.1.4π¦
Php
Php
= 5.1.5π¦
Php
Php
= 5.1.6π¦
Php
Php
= 5.2.0π¦
Php
Php
= 5.2.1π¦
Php
Php
= 5.2.2π¦
Php
Php
= 5.2.3π¦
Php
Php
= 5.2.4π¦
Php
Php
= 5.2.5π¦
Php