7.8
CVE-2007-1649
- EPSS 7.21%
- Veröffentlicht 24.03.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.21% | 0.935 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
http://us2.php.net/releases/5_2_2.php
http://secunia.com/advisories/24630
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
http://www.php-security.org/MOPB/MOPB-29-2007.html
http://www.securityfocus.com/bid/23105
https://exchange.xforce.ibmcloud.com/vulnerabilities/33170