4.3
CVE-2007-0988
- EPSS 2.31%
- Veröffentlicht 20.02.2007 17:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:42
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version5.10
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version6.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.31% | 0.811 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://secunia.com/advisories/24284
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
http://secunia.com/advisories/25423
http://secunia.com/advisories/25850
http://www.vupen.com/english/advisories/2007/1991
http://www.vupen.com/english/advisories/2007/2374
http://secunia.com/advisories/24606
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
http://secunia.com/advisories/24419
http://www.php.net/releases/5_2_1.php
http://www.trustix.org/errata/2007/0009/
http://rhn.redhat.com/errata/RHSA-2007-0089.html
http://secunia.com/advisories/24195
http://secunia.com/advisories/24217
http://secunia.com/advisories/24236
http://secunia.com/advisories/24248
http://secunia.com/advisories/24295
http://secunia.com/advisories/24322
http://secunia.com/advisories/24421
http://secunia.com/advisories/24432
http://secunia.com/advisories/24642
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
http://www.redhat.com/support/errata/RHSA-2007-0076.html
http://www.redhat.com/support/errata/RHSA-2007-0081.html
http://www.redhat.com/support/errata/RHSA-2007-0082.html
http://www.redhat.com/support/errata/RHSA-2007-0088.html
http://www.securityfocus.com/archive/1/461462/100/0/threaded
http://www.securitytracker.com/id?1017671
http://www.ubuntu.com/usn/usn-424-1
http://www.ubuntu.com/usn/usn-424-2
http://www.us.debian.org/security/2007/dsa-1264
https://issues.rpath.com/browse/RPL-1088
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858
http://osvdb.org/32762
http://secunia.com/advisories/25056
http://securityreason.com/securityalert/2315
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-05-2007.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/32709
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11092