5

CVE-2007-0908

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version >= 4.0.0 < 4.4.5
PhpPhp Version >= 5.0.0 < 5.2.1
PhpPhp Version4.0
PhpPhp Version4.0 Updatebeta_4_patch1
PhpPhp Version4.0 Updatebeta1
PhpPhp Version4.0 Updatebeta2
PhpPhp Version4.0 Updatebeta3
PhpPhp Version4.0 Updatebeta4
PhpPhp Version4.0 Updaterc1
PhpPhp Version4.0 Updaterc2
CanonicalUbuntu Linux Version5.10
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version6.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.75% 0.955
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
Broken Link
http://secunia.com/advisories/24284
Third Party Advisory
http://secunia.com/advisories/24606
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200703-21.xml
Third Party Advisory
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
Broken Link
http://secunia.com/advisories/24514
Third Party Advisory
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
Third Party Advisory
http://secunia.com/advisories/24089
Third Party Advisory
http://secunia.com/advisories/24419
Third Party Advisory
http://www.php.net/ChangeLog-5.php#5.2.1
Third Party Advisory
http://www.php.net/releases/5_2_1.php
Third Party Advisory
http://www.securityfocus.com/bid/22496
Patch
Third Party Advisory
VDB Entry
http://www.trustix.org/errata/2007/0009/
Broken Link
http://www.vupen.com/english/advisories/2007/0546
Third Party Advisory
Permissions Required
http://rhn.redhat.com/errata/RHSA-2007-0089.html
Third Party Advisory
http://secunia.com/advisories/24195
Third Party Advisory
http://secunia.com/advisories/24217
Third Party Advisory
http://secunia.com/advisories/24236
Third Party Advisory
http://secunia.com/advisories/24248
Third Party Advisory
http://secunia.com/advisories/24295
Third Party Advisory
http://secunia.com/advisories/24322
Third Party Advisory
http://secunia.com/advisories/24421
Third Party Advisory
http://secunia.com/advisories/24432
Third Party Advisory
http://secunia.com/advisories/24642
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0076.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0081.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0082.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0088.html
Third Party Advisory
http://www.securityfocus.com/archive/1/461462/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1017671
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-424-1
Third Party Advisory
http://www.ubuntu.com/usn/usn-424-2
Third Party Advisory
http://www.us.debian.org/security/2007/dsa-1264
Broken Link
https://issues.rpath.com/browse/RPL-1088
Broken Link
http://osvdb.org/32766
Broken Link
http://securityreason.com/securityalert/2321
Third Party Advisory
http://www.php-security.org/MOPB/MOPB-11-2007.html
Third Party Advisory
http://www.securityfocus.com/bid/22806
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/32493
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11185
Third Party Advisory