4.3

CVE-2007-0988

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version >= 4.0.0 < 4.4.5
PhpPhp Version >= 5.0.0 < 5.2.1
PhpPhp Version4.0
PhpPhp Version4.0 Updatebeta_4_patch1
PhpPhp Version4.0 Updatebeta1
PhpPhp Version4.0 Updatebeta2
PhpPhp Version4.0 Updatebeta3
PhpPhp Version4.0 Updatebeta4
PhpPhp Version4.0 Updaterc1
PhpPhp Version4.0 Updaterc2
CanonicalUbuntu Linux Version5.10
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version6.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.31% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
Broken Link
http://secunia.com/advisories/24284
Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
Broken Link
http://secunia.com/advisories/25423
Third Party Advisory
http://secunia.com/advisories/25850
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1991
Third Party Advisory
http://www.vupen.com/english/advisories/2007/2374
Third Party Advisory
http://secunia.com/advisories/24606
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200703-21.xml
Third Party Advisory
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
Third Party Advisory
http://secunia.com/advisories/24419
Third Party Advisory
http://www.php.net/releases/5_2_1.php
Patch
Third Party Advisory
http://www.trustix.org/errata/2007/0009/
Broken Link
http://rhn.redhat.com/errata/RHSA-2007-0089.html
Third Party Advisory
http://secunia.com/advisories/24195
Third Party Advisory
http://secunia.com/advisories/24217
Third Party Advisory
http://secunia.com/advisories/24236
Third Party Advisory
http://secunia.com/advisories/24248
Third Party Advisory
http://secunia.com/advisories/24295
Third Party Advisory
http://secunia.com/advisories/24322
Third Party Advisory
http://secunia.com/advisories/24421
Third Party Advisory
http://secunia.com/advisories/24432
Third Party Advisory
http://secunia.com/advisories/24642
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0076.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0081.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0082.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0088.html
Third Party Advisory
http://www.securityfocus.com/archive/1/461462/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1017671
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-424-1
Third Party Advisory
http://www.ubuntu.com/usn/usn-424-2
Third Party Advisory
http://www.us.debian.org/security/2007/dsa-1264
Broken Link
https://issues.rpath.com/browse/RPL-1088
Broken Link
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858
Third Party Advisory
Issue Tracking
http://osvdb.org/32762
Broken Link
http://secunia.com/advisories/25056
Third Party Advisory
http://securityreason.com/securityalert/2315
Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_32_php.html
Broken Link
http://www.php-security.org/MOPB/MOPB-05-2007.html
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32709
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11092
Third Party Advisory