Fortinet Discovers Multiple Stack Overflow Vulnerabilities in PHP
Two stack-based buffer overflow vulnerabilities had been discovered in PHP 5 and 7.
CVE-2016-6289 is related to core's function virtual_file_ex. The vulnerability can be triggered when PHP is handling a very long file path.
CVE-2016-6297 is related to PHP stream_zip_opener. The vulnerability can be triggered when PHP calls fopen function with an overly long filename passed to the zip:// handler.
Successful exploit of these vulnerabilities will cause memory corruption and lead to DoS. Under some conditions, remote code execution is also possible.
Users should apply the solution provided by PHP.
This vulnerability was discovered by Tony Loi of Fortinet's FortiGuard Labs.