Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2007-0988

Published: 20/02/2007 Updated: 09/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Php

Vulnerability Summary

The zend_hash_init function in PHP 5 prior to 5.2.1 and PHP 4 prior to 4.4.5, when running on a 64-bit platform, allows context-dependent malicious users to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 4.0

php php

canonical ubuntu linux 6.06

canonical ubuntu linux 6.10

canonical ubuntu linux 5.10

Vendor Advisories

Ubuntu Security Notice: php5 regression
USN-424-1 fixed vulnerabilities in PHP However, some upstream changes were not included, which caused errors in the stream filters This update fixes the problem ...
Ubuntu Security Notice: php5 vulnerabilities
Multiple buffer overflows have been discovered in various PHP modules If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server (CVE-2007-0906) ...
Debian Security Advisories: DSA-1264-1 php4 -- several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-0906 It was discovered that an integer overflow in the str_replace() function could lead ...

References

CWE-119http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858http://www.php.net/releases/5_2_1.phphttp://www.redhat.com/support/errata/RHSA-2007-0076.htmlhttp://secunia.com/advisories/24195https://issues.rpath.com/browse/RPL-1088http://support.avaya.com/elmodocs2/security/ASA-2007-101.htmhttp://www.us.debian.org/security/2007/dsa-1264http://security.gentoo.org/glsa/glsa-200703-21.xmlhttp://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0081.htmlhttp://rhn.redhat.com/errata/RHSA-2007-0089.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0088.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0082.htmlhttp://www.ubuntu.com/usn/usn-424-1http://www.ubuntu.com/usn/usn-424-2http://www.securitytracker.com/id?1017671http://secunia.com/advisories/24217http://secunia.com/advisories/24248http://secunia.com/advisories/24236http://secunia.com/advisories/24295http://secunia.com/advisories/24322http://secunia.com/advisories/24432http://secunia.com/advisories/24421http://secunia.com/advisories/24606http://support.avaya.com/elmodocs2/security/ASA-2007-136.htmhttp://secunia.com/advisories/24642http://www.php-security.org/MOPB/MOPB-05-2007.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:048ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.aschttp://www.novell.com/linux/security/advisories/2007_32_php.htmlhttp://www.trustix.org/errata/2007/0009/http://secunia.com/advisories/25056http://secunia.com/advisories/25423http://secunia.com/advisories/24284http://secunia.com/advisories/24419http://secunia.com/advisories/25850http://securityreason.com/securityalert/2315http://osvdb.org/32762http://www.vupen.com/english/advisories/2007/2374http://www.vupen.com/english/advisories/2007/1991http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506https://exchange.xforce.ibmcloud.com/vulnerabilities/32709https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11092http://www.securityfocus.com/archive/1/461462/100/0/threadedhttps://usn.ubuntu.com/424-2/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook