CVE-2007-0908

Published Feb 13, 2007

Last updated 6 years ago

Overview

Description: The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCAA3859-EAB8-4F6E-84FE-4DBBF9B1A251",
            "versionEndExcluding": "4.4.5",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8CF9623-B049-425F-ADC0-3E7E94E2F7A3",
            "versionEndExcluding": "5.2.1",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDBEC461-D553-41B7-8D85-20B6A933C21C"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEEF2298-98E8-409F-9205-84817CEF947B"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AFC00BA-D64D-4407-AC69-FDD9FF013943"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D80F2A8B-B57F-4970-867A-55E8187C1502"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF4E0EFE-4FF6-4E8F-8EC5-68B059FC0C42"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49965B80-DC27-4864-BDF0-CBBFF16BFD80"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8212495A-0F2A-4787-93F2-F6618F9A777B"
          },
          {
            "criteria": "cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6F0F8FC-C57A-4AEA-A59F-41140347318A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FA3A32E-445A-4D39-A8D5-75F5370AD23D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References