Back to search
CVE-2007-1889
Published: Apr 6, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
25056
third-party-advisory
x_refsource_SECUNIA
DSA-1283
vendor-advisory
x_refsource_DEBIAN
http://www.php-security.org/MOPB/MOPB-43-2007.html
x_refsource_MISC
23238
vdb-entry
x_refsource_BID
http://www.php-security.org/MOPB/MOPB-44-2007.html
x_refsource_MISC
25062
third-party-advisory
x_refsource_SECUNIA
zend-zendmmallocint-bo(33770)
vdb-entry
x_refsource_XF
SUSE-SA:2007:032
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now