In PHP5.1.6, 4.4.4 and previous versions, when searching for "htmlspecialchars() and htmlentities()" related character encodings, a possible buffer may be triggered when UTF-8 encoding is selected overflow.
While we were searching for a hole in htmlspecialchars() and htmlentities() to bypass the encoding of certain chars to exploit a possible eval() injection hole in another application we discovered that the implementation contains a possible bufferoverflow that can be triggered when the UTF-8 charset is selected.”
The latest release of PHP5 version 5.2 has fixed this error, but the problem still exists in PHP4.4 version. Full information can be viewed at the full vulnerability.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
