| Vulnerability Name: | CVE-2007-4657 (CCN-36388) | ||||||||||||||||||||||||||||||||||||
| Assigned: | 2007-08-30 | ||||||||||||||||||||||||||||||||||||
| Published: | 2007-08-30 | ||||||||||||||||||||||||||||||||||||
| Updated: | 2018-10-26 | ||||||||||||||||||||||||||||||||||||
| Summary: | Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. Note: this affects different product versions than CVE-2007-3996. | ||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-189 CWE-119 | ||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2007-4657 Source: CCN Type: SA26442 Infrant ReadyNAS Devices SSH Default Root Password Weakness Source: CCN Type: SA26642 PHP Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 26642 Source: SECUNIA Type: Third Party Advisory 26822 Source: SECUNIA Type: Third Party Advisory 26838 Source: SECUNIA Type: Third Party Advisory 27102 Source: SECUNIA Type: Third Party Advisory 27377 Source: SECUNIA Type: Third Party Advisory 27864 Source: SECUNIA Type: Third Party Advisory 28249 Source: CCN Type: SA28318 PHP Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 28318 Source: SECUNIA Type: Third Party Advisory 28936 Source: SECUNIA Type: Third Party Advisory 30288 Source: MISC Type: Third Party Advisory http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability/ Source: SLACKWARE Type: Mailing List, Third Party Advisory SSA:2008-045-03 Source: DEBIAN Type: Third Party Advisory DSA-1444 Source: DEBIAN Type: Third Party Advisory DSA-1578 Source: DEBIAN Type: DSA-1444 php5 -- several vulnerabilities Source: DEBIAN Type: DSA-1578 php4 -- several vulnerabilities Source: CCN Type: GLSA-200710-02 PHP: Multiple vulnerabilities Source: GENTOO Type: Third Party Advisory GLSA-200710-02 Source: CONFIRM Type: Vendor Advisory http://www.php.net/ChangeLog-4.php Source: CONFIRM Type: Patch, Vendor Advisory http://www.php.net/ChangeLog-5.php#5.2.4 Source: CONFIRM Type: Vendor Advisory http://www.php.net/releases/4_4_8.php Source: CCN Type: PHP Web site PHP 5.2.4 Release Announcement Source: CONFIRM Type: Vendor Advisory http://www.php.net/releases/5_2_4.php Source: TRUSTIX Type: Broken Link 2007-0026 Source: CCN Type: USN-549-1 PHP vulnerabilities Source: CCN Type: USN-549-2 PHP regression Source: UBUNTU Type: Broken Link USN-549-2 Source: VUPEN Type: Third Party Advisory ADV-2007-3023 Source: VUPEN Type: Third Party Advisory ADV-2008-0059 Source: XF Type: Third Party Advisory, VDB Entry php-strcspn-overflow(36388) Source: XF Type: UNKNOWN php-strcspn-overflow(36388) Source: XF Type: Third Party Advisory, VDB Entry php-strcspn-strspn-unspecified(39399) Source: CONFIRM Type: Broken Link https://issues.rpath.com/browse/RPL-1693 Source: CONFIRM Type: Broken Link https://issues.rpath.com/browse/RPL-1702 Source: CONFIRM Type: Third Party Advisory https://launchpad.net/bugs/173043 Source: UBUNTU Type: Third Party Advisory USN-549-1 | ||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||