Vulnerability Name:

CVE-2007-0988 (CCN-32709)

Assigned: 2007-02-14
Published: 2007-02-14
Updated: 2019-10-09
Summary: The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:

Source: SGI
Type: Broken Link
20070201-01-P

Source: MISC
Type: Issue Tracking, Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858

Source: MITRE
Type: CNA
CVE-2007-0988

Source: HP
Type: Broken Link
SSRT071423

Source: HP
Type: Broken Link
HPSBTU02232

Source: CCN
Type: HP Security Bulletin HPSBTU02232 SSRT071429
Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS)

Source: OSVDB
Type: Broken Link
32762

Source: CCN
Type: RHSA-2007-0076
Important: php security update

Source: CCN
Type: RHSA-2007-0081
Important: php security update

Source: CCN
Type: RHSA-2007-0082
Important: php security update

Source: CCN
Type: RHSA-2007-0088
Important: php security update

Source: CCN
Type: RHSA-2007-0089
Important: php security update for Stronghold

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0089

Source: SECUNIA
Type: Third Party Advisory
24195

Source: SECUNIA
Type: Third Party Advisory
24217

Source: SECUNIA
Type: Third Party Advisory
24236

Source: SECUNIA
Type: Third Party Advisory
24248

Source: SECUNIA
Type: Third Party Advisory
24284

Source: SECUNIA
Type: Third Party Advisory
24295

Source: SECUNIA
Type: Third Party Advisory
24322

Source: SECUNIA
Type: Third Party Advisory
24419

Source: SECUNIA
Type: Third Party Advisory
24421

Source: CCN
Type: SA24432
Avaya Products PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
24432

Source: SECUNIA
Type: Third Party Advisory
24606

Source: CCN
Type: SA24642
Avaya Products php Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
24642

Source: SECUNIA
Type: Third Party Advisory
25056

Source: CCN
Type: SA25423
HP System Management Homepage PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
25423

Source: CCN
Type: SA25850
HP Secure Web Server/Internet Express for Tru64 UNIX PHP Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
25850

Source: GENTOO
Type: Third Party Advisory
GLSA-200703-21

Source: SREASON
Type: Third Party Advisory
2315

Source: CCN
Type: SECTRACK ID: 1017671
PHP Buffer Overflows and Format String Bugs Permit Code Execution and Denial of Service

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm

Source: CCN
Type: ASA-2007-101
php security update (RHSA-2007-0076)

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm

Source: CCN
Type: ASA-2007-136
php security update (RHSA-2007-081 RHSA-2007-0088)

Source: DEBIAN
Type: DSA-1264
php4 -- several vulnerabilities

Source: CCN
Type: GLSA-200703-21
PHP: Multiple vulnerabilities

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2007:048

Source: SUSE
Type: Broken Link
SUSE-SA:2007:032

Source: CCN
Type: OpenPKG-SA-2007.010
php

Source: OPENPKG
Type: Third Party Advisory
OpenPKG-SA-2007.010

Source: CCN
Type: OSVDB ID: 32762
PHP on 64-bit zend_hash_init Function Remote DoS

Source: CCN
Type: MOPB-05-2007
PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability

Source: MISC
Type: Third Party Advisory
http://www.php-security.org/MOPB/MOPB-05-2007.html

Source: CCN
Type: The PHP Group Web site
PHP 5.2.1 Release Announcement

Source: MISC
Type: Patch, Third Party Advisory
http://www.php.net/releases/5_2_1.php

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0076

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0081

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0082

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0088

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20070227 rPSA-2007-0043-1 php php-mysql php-pgsql

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1017671

Source: TRUSTIX
Type: Broken Link
2007-0009

Source: CCN
Type: TLSA-2007-20
Multiple vulnerabilities in php

Source: CCN
Type: USN-424-1
PHP vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-424-1

Source: CCN
Type: USN-424-2
PHP regression

Source: UBUNTU
Type: Third Party Advisory
USN-424-2

Source: DEBIAN
Type: Broken Link
DSA-1264

Source: VUPEN
Type: Third Party Advisory
ADV-2007-1991

Source: VUPEN
Type: Third Party Advisory
ADV-2007-2374

Source: XF
Type: Third Party Advisory, VDB Entry
php-zendhashinit-dos(32709)

Source: XF
Type: UNKNOWN
php-zendhashinit-dos(32709)

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1088

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:11092

Source: SUSE
Type: SUSE-SA:2007:032
PHP security problems

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 4.0.0 and < 4.4.5)
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.2.1)

  • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*
  • AND
  • cpe:/a:redhat:stronghold:-:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions

| Definition ID | Class | Title | Last Modified |
| --- | --- | --- | --- |
| oval:org.opensuse.security:def:20070988 | V | CVE-2007-0988 | 2015-11-16 |
| oval:org.mitre.oval:def:22487 | P | ELSA-2007:0082: php security update (Important) | 2014-05-26 |
| oval:org.mitre.oval:def:11092 | V | The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. | 2013-04-29 |
| oval:com.redhat.rhsa:def:20070076 | P | RHSA-2007:0076: php security update (Important) | 2008-03-20 |
| oval:com.redhat.rhsa:def:20070082 | P | RHSA-2007:0082: php security update (Important) | 2008-03-20 |
| oval:org.debian:def:1264 | V | several vulnerabilities | 2007-03-07 |

    php php 4.0
    php php 4.0 beta1
    php php 4.0 beta2
    php php 4.0 beta3
    php php 4.0 beta4
    php php 4.0 beta_4_patch1
    php php 4.0 rc1
    php php 4.0 rc2
    php php *
    php php *
    canonical ubuntu linux 5.10
    canonical ubuntu linux 6.06
    canonical ubuntu linux 6.10
    php php 5.0.3
    php php 5.0.4
    php php 5.0.0
    php php 5.0.5
    php php 5.1.1
    php php 5.1.2
    php php 5.1.4
    php php 5.0.2
    php php 5.1.6
    php php 5.2.0
    php php 5.0.0 beta1
    php php 5.0.0 beta2
    php php 5.0.0 beta3
    php php 5.0.0 beta4
    php php 5.0.0 rc1
    php php 5.0.0 rc2
    php php 5.0.0 rc3
    php php 5.0.1
    php php 5.1.0
    php php 5.1.3
    php php 5.1.5
    redhat stronghold -
    openpkg openpkg current
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    novell open enterprise server *
    mandrakesoft mandrake multi network firewall 2.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux personal *
    turbolinux turbolinux home *
    turbolinux turbolinux multimedia *
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    novell open enterprise server *
    novell opensuse 10.2