5

CVE-2007-3998

EPSS 7.29%
Published 04.09.2007 18:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

Affected products Warnungen 0 Metrics 2 CWE 1 References 38

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version >= 4.0.0 < 4.4.8

Php ≫ Php Version >= 5.0.0 < 5.2.4

Debian ≫ Debian Linux Version3.1

Debian ≫ Debian Linux Version4.0

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version6.10

Canonical ≫ Ubuntu Linux Version7.04

Canonical ≫ Ubuntu Linux Version7.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.29%	0.913

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

Third Party Advisory

http://secunia.com/advisories/28658

Third Party Advisory

http://secunia.com/advisories/26642

Third Party Advisory

http://secunia.com/advisories/27864

Third Party Advisory

http://www.php.net/ChangeLog-5.php#5.2.4

Vendor Advisory

http://www.php.net/releases/5_2_4.php

Vendor Advisory

http://www.ubuntu.com/usn/usn-549-2

Third Party Advisory

https://launchpad.net/bugs/173043

Third Party Advisory

https://usn.ubuntu.com/549-1/

Third Party Advisory

http://secunia.com/advisories/26895

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:187

Third Party Advisory

http://secunia.com/advisories/27102

Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

Third Party Advisory

http://secunia.com/advisories/27377

Third Party Advisory

https://issues.rpath.com/browse/RPL-1693

Broken Link

http://rhn.redhat.com/errata/RHSA-2007-0889.html

Third Party Advisory

http://secunia.com/advisories/26967

Third Party Advisory

http://secunia.com/advisories/26871

Third Party Advisory

http://secunia.com/advisories/26930

Third Party Advisory

http://secunia.com/advisories/27545

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0890.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0891.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html

Third Party Advisory

http://secunia.com/advisories/26838

Third Party Advisory

https://issues.rpath.com/browse/RPL-1702

Broken Link

http://secunia.com/advisories/26822

Third Party Advisory

http://www.trustix.org/errata/2007/0026/

Broken Link

http://www.vupen.com/english/advisories/2007/3023

Third Party Advisory

Permissions Required

http://secunia.com/advisories/28249

Third Party Advisory

http://secunia.com/advisories/30288

Third Party Advisory

http://www.debian.org/security/2008/dsa-1444

Third Party Advisory

http://www.debian.org/security/2008/dsa-1578

Third Party Advisory

http://secweb.se/en/advisories/php-wordwrap-vulnerability/

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10603

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-3998

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3998

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3998

EUVD