6.8

CVE-2007-2872

Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 4.4.7
PhpPhp Version5.0.0
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.3
PhpPhp Version5.1.4
PhpPhp Version5.1.5
PhpPhp Version5.1.6
PhpPhp Version5.2.0
PhpPhp Version5.2.1
PhpPhp Version5.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.88% 0.946
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://secunia.com/advisories/27037
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3386
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://secunia.com/advisories/28658
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://secunia.com/advisories/26048
Vendor Advisory
http://secunia.com/advisories/27864
Vendor Advisory
http://secunia.com/advisories/28936
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
http://www.php.net/ChangeLog-4.php
http://www.php.net/releases/4_4_8.php
http://www.ubuntu.com/usn/usn-549-2
https://launchpad.net/bugs/173043
https://usn.ubuntu.com/549-1/
http://secunia.com/advisories/26895
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://secunia.com/advisories/26231
Vendor Advisory
http://www.trustix.org/errata/2007/0023/
http://secunia.com/advisories/27102
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://secunia.com/advisories/27110
Vendor Advisory
http://www.php.net/releases/5_2_3.php
Patch
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
http://secunia.com/advisories/25535
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
http://secunia.com/advisories/27377
Vendor Advisory
https://issues.rpath.com/browse/RPL-1693
http://rhn.redhat.com/errata/RHSA-2007-0889.html
Vendor Advisory
http://secunia.com/advisories/26967
Vendor Advisory
http://secunia.com/advisories/27351
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0888.html
Vendor Advisory
http://secunia.com/advisories/26871
Vendor Advisory
http://secunia.com/advisories/26930
Vendor Advisory
http://secunia.com/advisories/27545
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
http://www.redhat.com/support/errata/RHSA-2007-0890.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0891.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
http://osvdb.org/36083
http://secunia.com/advisories/25456
Vendor Advisory
http://secunia.com/advisories/26838
Vendor Advisory
http://secunia.com/advisories/28318
Vendor Advisory
http://secunia.com/advisories/28750
http://secunia.com/advisories/30040
Vendor Advisory
http://www.sec-consult.com/291.html
http://www.securityfocus.com/archive/1/470244/100/0/threaded
http://www.securityfocus.com/archive/1/491693/100/0/threaded
http://www.securityfocus.com/bid/24261
http://www.securitytracker.com/id?1018186
http://www.vupen.com/english/advisories/2007/2061
http://www.vupen.com/english/advisories/2008/0059
http://www.vupen.com/english/advisories/2008/0398
https://exchange.xforce.ibmcloud.com/vulnerabilities/39398
https://issues.rpath.com/browse/RPL-1702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424