Thread-topic: [SA24471] PECL zip Extension URL Buffer Overflow Vulnerability
> PECL zip Extension URL Buffer Overflow Vulnerability
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Moderately critical
> System access
> From remote
> PECL zip Extension 1.x
> Stefan Esser has reported a vulnerability in the PECL zip Extension,
> which can be exploited by malicious people to compromise a user's
> The vulnerability is caused due to a boundary error within the
> handling of "zip:" URLs. This can be exploited to cause a
> stack-based buffer overflow by passing a specially crafted long
> string to the "zip:" URL wrapper.
> Successful exploitation allows the execution of arbitrary code.
> The vulnerability is reported in versions prior to 1.8.4.
> Update to version 1.8.4.
> PROVIDED AND/OR DISCOVERED BY:
> Stefan Esser
> ORIGINAL ADVISORY: