7.5

CVE-2007-1285

Exploit
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version >= 4.0.0 < 4.4.7
PhpPhp Version >= 5.0.0 < 5.2.2
CanonicalUbuntu Linux Version7.10
NovellSuse Linux Version10.0
NovellSuse Linux Version10.1
SuseLinux Enterprise Server Version10 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.16% 0.968
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

http://rhn.redhat.com/errata/RHSA-2007-0155.html
Third Party Advisory
http://secunia.com/advisories/24924
Vendor Advisory
Broken Link
http://secunia.com/advisories/24945
Vendor Advisory
Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0162.html
Broken Link
http://www.securityfocus.com/archive/1/466166/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
https://issues.rpath.com/browse/RPL-1268
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
Mailing List
http://secunia.com/advisories/26048
Vendor Advisory
Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0082.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2007-0154.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2007-0163.html
Broken Link
http://secunia.com/advisories/24909
Vendor Advisory
Broken Link
http://secunia.com/advisories/24910
Vendor Advisory
Broken Link
http://secunia.com/advisories/24941
Vendor Advisory
Broken Link
http://secunia.com/advisories/25445
Vendor Advisory
Broken Link
http://secunia.com/advisories/26642
Vendor Advisory
Broken Link
http://secunia.com/advisories/27864
Vendor Advisory
Broken Link
http://secunia.com/advisories/28936
Vendor Advisory
Broken Link
http://security.gentoo.org/glsa/glsa-200705-19.xml
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
Broken Link
http://us2.php.net/releases/4_4_7.php
Release Notes
http://us2.php.net/releases/5_2_2.php
Release Notes
http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:090
Third Party Advisory
http://www.osvdb.org/32769
Broken Link
http://www.php-security.org/MOPB/MOPB-03-2007.html
Vendor Advisory
Exploit
Broken Link
http://www.php.net/ChangeLog-4.php
Release Notes
http://www.php.net/ChangeLog-5.php#5.2.4
Release Notes
http://www.php.net/releases/4_4_8.php
Release Notes
http://www.php.net/releases/5_2_4.php
Release Notes
http://www.securityfocus.com/bid/22764
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1017771
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/usn-549-2
Third Party Advisory
https://launchpad.net/bugs/173043
Exploit
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017
Broken Link
https://usn.ubuntu.com/549-1/
Broken Link