7.5
CVE-2007-1285
- EPSS 6.89%
- Veröffentlicht 06.03.2007 20:19:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version7.10
Novell ≫ Suse Linux Version10.0
Novell ≫ Suse Linux Version10.1
Suse ≫ Linux Enterprise Server Version8
Suse ≫ Linux Enterprise Server Version10 Updatesp1
Redhat ≫ Enterprise Linux Desktop Version3.0
Redhat ≫ Enterprise Linux Desktop Version4.0
Redhat ≫ Enterprise Linux Server Version2.0
Redhat ≫ Enterprise Linux Server Version3.0
Redhat ≫ Enterprise Linux Server Version4.0
Redhat ≫ Enterprise Linux Workstation Version2.0
Redhat ≫ Enterprise Linux Workstation Version3.0
Redhat ≫ Enterprise Linux Workstation Version4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.89% | 0.91 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.