- Description
- Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-119
- Red Hat
- The only effect of this bug is to cause the process to read from a random segment of memory, if a large "length" parameter is passed to the strspn/strcspn function, which is under the control of the script author. This bug has no security impact.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6C219FD-2507-491C-B38F-777D1A626FEC",
"versionEndExcluding": "4.4.8",
"versionStartIncluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EABE00F5-DB5A-480D-8D77-73C04DBAB2A0",
"versionEndExcluding": "5.2.4",
"versionStartIncluding": "5.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"
}
],
"operator": "OR"
}
]
}
]