7.5
CVE-2007-1285
- EPSS 6.89%
- Published 06.03.2007 20:19:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Data is provided by the National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version7.10
Novell ≫ Suse Linux Version10.0
Novell ≫ Suse Linux Version10.1
Suse ≫ Linux Enterprise Server Version8
Suse ≫ Linux Enterprise Server Version10 Updatesp1
Redhat ≫ Enterprise Linux Desktop Version3.0
Redhat ≫ Enterprise Linux Desktop Version4.0
Redhat ≫ Enterprise Linux Server Version2.0
Redhat ≫ Enterprise Linux Server Version3.0
Redhat ≫ Enterprise Linux Server Version4.0
Redhat ≫ Enterprise Linux Workstation Version2.0
Redhat ≫ Enterprise Linux Workstation Version3.0
Redhat ≫ Enterprise Linux Workstation Version4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.89% | 0.91 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.