CVE-2007-4784

EPSS 1.66%
Published 10.09.2007 21:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter.  NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version <= 5.2.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.66%	0.815

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

http://secunia.com/advisories/28658

http://secunia.com/advisories/27102

http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

http://osvdb.org/38687

http://securityreason.com/securityalert/3114

http://www.securityfocus.com/archive/1/478627/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/36458

https://nvd.nist.gov/vuln/detail/CVE-2007-4784

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4784

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4784

EUVD