Hardened-PHP Project
www.hardened-php.net
-= Security Advisory =-
Advisory: PHP unserialize() Array Creation Integer Overflow
Release Date: 2006/10/09
Last Modified: 2006/10/09
Author: Stefan Esser [sesser@hardened-php.net]
Application: PHP 5 <= 5.1.6, PHP 4 < 4.3.0
Not affected:  PHP 4 >= 4.3.0,
               PHP with Hardening-Patch,
               PHP with Suhosin-Patch
Severity:      Attacker-controlled input passed to unserialize() can trigger
               an integer overflow during array creation; the resulting
               undersized allocation might lead to remote code execution
Risk: Critical
Vendor Status: Fixed in CVS, no security update planned, wait for PHP 5.2.0
References: http://www.hardened-php.net/advisory_092006.133.html
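The bug class named in the Severity field, an allocation-size multiplication that wraps when the element count comes from the serialized data, can be illustrated without PHP's internals. The following is an added example written for this page, not code from the advisory or from PHP: it parses the element count N from a serialized-array prefix of the form "a:N:{", then shows an unchecked 32-bit size computation beside a checked one. The slot size of 16 bytes, the function names, and the sample inputs are all constructed for the illustration.

```c
/* Added illustration of an allocation-size integer overflow in array
 * creation. Constructed example, not PHP's implementation: SLOT_SIZE and
 * the function names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLOT_SIZE 16u   /* hypothetical per-element bucket size in bytes */

/* Parse the declared element count from an "a:N:{" prefix (PHP's serialized
 * array header layout). Returns 0 and stores N on success, -1 if malformed. */
int parse_array_count(const char *s, uint32_t *count) {
    if (strncmp(s, "a:", 2) != 0) return -1;
    const char *p = s + 2;
    if (*p < '0' || *p > '9') return -1;          /* no sign, no whitespace */
    char *end;
    errno = 0;
    unsigned long v = strtoul(p, &end, 10);
    if (end == p || errno != 0) return -1;
    if (end[0] != ':' || end[1] != '{') return -1;
    if (v > UINT32_MAX) return -1;
    *count = (uint32_t)v;
    return 0;
}

/* Unchecked size computation: the product wraps modulo 2^32, so a huge
 * declared count yields a tiny allocation that later code treats as large. */
uint32_t alloc_size_unchecked(uint32_t count) {
    return count * SLOT_SIZE;
}

/* Hardened form: refuse any count whose product cannot fit in 32 bits.
 * Returns 0 and stores the byte size on success, -1 on overflow. */
int alloc_size_checked(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / SLOT_SIZE) return -1;
    *out = count * SLOT_SIZE;
    return 0;
}

int main(void) {
    /* Constructed inputs: a benign 3-element array header and one whose
     * declared count makes count * SLOT_SIZE exceed 2^32. */
    const char *inputs[] = { "a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}",
                             "a:268435457:{" };
    for (size_t i = 0; i < 2; i++) {
        uint32_t n, sz;
        if (parse_array_count(inputs[i], &n) != 0) {
            printf("%-32s malformed\n", inputs[i]);
            continue;
        }
        printf("count=%u unchecked=%u checked=%s\n", n,
               alloc_size_unchecked(n),
               alloc_size_checked(n, &sz) == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

The second input declares 268435457 elements; 268435457 * 16 is 0x100000010, which the unchecked path reduces to 16 bytes while the checked path rejects the count outright. Any later code that indexes the buffer by the declared count then writes far past the allocation, which is the condition the advisory describes.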