Multiple integer overflows in PHP 4 prior to 4.4.8, and PHP 5 prior to 5.2.4, allow remote malicious users to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
Vulnerable Product |
---|
php php |
debian debian linux 4.0 |
debian debian linux 3.1 |
canonical ubuntu linux 7.10 |
canonical ubuntu linux 7.04 |
canonical ubuntu linux 6.10 |
canonical ubuntu linux 6.06 |