5

CVE-2007-4784

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter.  NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.55% 0.83
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://secunia.com/advisories/28658
http://secunia.com/advisories/27102
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://osvdb.org/38687
http://securityreason.com/securityalert/3114
http://www.securityfocus.com/archive/1/478627/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/36458