7.5

CVE-2007-1887

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version >= 4.0 < 4.4.5
PhpPhp Version >= 5.0.0 < 5.2.3
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
DebianDebian Linux Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.75% 0.907
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
Broken Link
http://secunia.com/advisories/27037
Not Applicable
http://www.vupen.com/english/advisories/2007/3386
Permissions Required
http://www.php.net/releases/5_2_1.php
Vendor Advisory
Release Notes
http://secunia.com/advisories/24909
Not Applicable
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
Broken Link
http://secunia.com/advisories/25062
Not Applicable
http://www.debian.org/security/2007/dsa-1283
Third Party Advisory
http://secunia.com/advisories/25057
Not Applicable
http://www.ubuntu.com/usn/usn-455-1
Third Party Advisory
http://secunia.com/advisories/27102
Not Applicable
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Third Party Advisory
http://secunia.com/advisories/27110
Not Applicable
http://www.php-security.org/MOPB/MOPB-41-2007.html
Vendor Advisory
Broken Link
http://www.php.net/releases/5_2_3.php
Vendor Advisory
Release Notes
http://www.securityfocus.com/bid/23235
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/2016
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/33766
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5348
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
Third Party Advisory
Mailing List