4.3

CVE-2007-0988

EPSS 1.78%
Published 20.02.2007 17:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

Affected products Warnungen 0 Metrics 2 CWE 1 References 48

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version >= 4.0.0 < 4.4.5

Php ≫ Php Version >= 5.0.0 < 5.2.1

Php ≫ Php Version4.0

Php ≫ Php Version4.0 Updatebeta_4_patch1

Php ≫ Php Version4.0 Updatebeta1

Php ≫ Php Version4.0 Updatebeta2

Php ≫ Php Version4.0 Updatebeta3

Php ≫ Php Version4.0 Updatebeta4

Php ≫ Php Version4.0 Updaterc1

Php ≫ Php Version4.0 Updaterc2

Canonical ≫ Ubuntu Linux Version5.10

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version6.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.78%	0.821

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

Broken Link

http://secunia.com/advisories/24284

Third Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506

Broken Link

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137

Broken Link

http://secunia.com/advisories/25423

Third Party Advisory

http://secunia.com/advisories/25850

Third Party Advisory

http://www.vupen.com/english/advisories/2007/1991

Third Party Advisory

http://www.vupen.com/english/advisories/2007/2374

Third Party Advisory

http://secunia.com/advisories/24606

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200703-21.xml

Third Party Advisory

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html

Third Party Advisory

http://secunia.com/advisories/24419

Third Party Advisory

http://www.php.net/releases/5_2_1.php

Patch

Third Party Advisory

http://www.trustix.org/errata/2007/0009/

Broken Link

http://rhn.redhat.com/errata/RHSA-2007-0089.html

Third Party Advisory

http://secunia.com/advisories/24195

Third Party Advisory

http://secunia.com/advisories/24217

Third Party Advisory

http://secunia.com/advisories/24236

Third Party Advisory

http://secunia.com/advisories/24248

Third Party Advisory

http://secunia.com/advisories/24295

Third Party Advisory

http://secunia.com/advisories/24322

Third Party Advisory

http://secunia.com/advisories/24421

Third Party Advisory

http://secunia.com/advisories/24432

Third Party Advisory

http://secunia.com/advisories/24642

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:048

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0076.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0081.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0082.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0088.html

Third Party Advisory

http://www.securityfocus.com/archive/1/461462/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1017671

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-424-1

Third Party Advisory

http://www.ubuntu.com/usn/usn-424-2

Third Party Advisory

http://www.us.debian.org/security/2007/dsa-1264

Broken Link

https://issues.rpath.com/browse/RPL-1088

Broken Link

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858

Third Party Advisory

Issue Tracking

http://osvdb.org/32762

Broken Link

http://secunia.com/advisories/25056

Third Party Advisory

http://securityreason.com/securityalert/2315

Third Party Advisory

http://www.novell.com/linux/security/advisories/2007_32_php.html

Broken Link

http://www.php-security.org/MOPB/MOPB-05-2007.html

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/32709

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11092

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-0988

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0988

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0988

EUVD