5
CVE-2007-0908
- EPSS 11.75%
- Veröffentlicht 13.02.2007 23:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version5.10
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version6.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.75% | 0.955 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://secunia.com/advisories/24284
http://secunia.com/advisories/24606
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
http://secunia.com/advisories/24514
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
http://secunia.com/advisories/24089
http://secunia.com/advisories/24419
http://www.php.net/ChangeLog-5.php#5.2.1
http://www.php.net/releases/5_2_1.php
http://www.securityfocus.com/bid/22496
http://www.trustix.org/errata/2007/0009/
http://www.vupen.com/english/advisories/2007/0546
http://rhn.redhat.com/errata/RHSA-2007-0089.html
http://secunia.com/advisories/24195
http://secunia.com/advisories/24217
http://secunia.com/advisories/24236
http://secunia.com/advisories/24248
http://secunia.com/advisories/24295
http://secunia.com/advisories/24322
http://secunia.com/advisories/24421
http://secunia.com/advisories/24432
http://secunia.com/advisories/24642
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
http://www.redhat.com/support/errata/RHSA-2007-0076.html
http://www.redhat.com/support/errata/RHSA-2007-0081.html
http://www.redhat.com/support/errata/RHSA-2007-0082.html
http://www.redhat.com/support/errata/RHSA-2007-0088.html
http://www.securityfocus.com/archive/1/461462/100/0/threaded
http://www.securitytracker.com/id?1017671
http://www.ubuntu.com/usn/usn-424-1
http://www.ubuntu.com/usn/usn-424-2
http://www.us.debian.org/security/2007/dsa-1264
https://issues.rpath.com/browse/RPL-1088
http://osvdb.org/32766
http://securityreason.com/securityalert/2321
http://www.php-security.org/MOPB/MOPB-11-2007.html
http://www.securityfocus.com/bid/22806
https://exchange.xforce.ibmcloud.com/vulnerabilities/32493
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11185