10

CVE-2008-2050

Exploit
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.2.5
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updatebeta4
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
PhpPhp Version5.0.0 Updaterc3
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.3
PhpPhp Version5.1.4
PhpPhp Version5.1.5
PhpPhp Version5.1.6
PhpPhp Version5.2.0
PhpPhp Version5.2.1
PhpPhp Version5.2.2
PhpPhp Version5.2.3
PhpPhp Version5.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.44% 0.874
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://secunia.com/advisories/30967
Vendor Advisory
http://www.php.net/ChangeLog-5.php
Patch
Vendor Advisory
http://secunia.com/advisories/30158
Vendor Advisory
http://www.debian.org/security/2008/dsa-1572
Patch
http://secunia.com/advisories/31200
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.ubuntu.com/usn/usn-628-1
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://secunia.com/advisories/31326
Vendor Advisory
http://www.vupen.com/english/advisories/2008/2268
Vendor Advisory
http://secunia.com/advisories/30048
Vendor Advisory
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://www.securityfocus.com/bid/29009
Patch
http://www.vupen.com/english/advisories/2008/1412
Vendor Advisory
http://secunia.com/advisories/30345
Vendor Advisory
http://secunia.com/advisories/32746
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
http://www.securityfocus.com/archive/1/492535/100/0/threaded
https://issues.rpath.com/browse/RPL-2503
http://secunia.com/advisories/30083
Vendor Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42133