7.5
CVE-2007-1887
- EPSS 4.75%
- Veröffentlicht 06.04.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version6.10
Canonical ≫ Ubuntu Linux Version7.04
Debian ≫ Debian Linux Version4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.75% | 0.907 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://secunia.com/advisories/27037
http://www.vupen.com/english/advisories/2007/3386
http://www.php.net/releases/5_2_1.php
http://secunia.com/advisories/24909
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
http://secunia.com/advisories/25062
http://www.debian.org/security/2007/dsa-1283
http://secunia.com/advisories/25057
http://www.ubuntu.com/usn/usn-455-1
http://secunia.com/advisories/27102
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://secunia.com/advisories/27110
http://www.php-security.org/MOPB/MOPB-41-2007.html
http://www.php.net/releases/5_2_3.php
http://www.securityfocus.com/bid/23235
http://www.vupen.com/english/advisories/2007/2016
https://exchange.xforce.ibmcloud.com/vulnerabilities/33766
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5348
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html