CVE-2007-2872

Published: Jun 4, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

26231

third-party-advisory

x_refsource_SECUNIA

https://launchpad.net/bugs/173043

x_refsource_CONFIRM

27110

third-party-advisory

x_refsource_SECUNIA

RHSA-2007:0888

vendor-advisory

x_refsource_REDHAT

26048

third-party-advisory

x_refsource_SECUNIA

http://www.sec-consult.com/291.html

x_refsource_MISC

SUSE-SA:2008:004

vendor-advisory

x_refsource_SUSE

OpenPKG-SA-2007.020

vendor-advisory

x_refsource_OPENPKG

28750

third-party-advisory

x_refsource_SECUNIA

ADV-2008-0059

vdb-entry

x_refsource_VUPEN

28658

third-party-advisory

x_refsource_SECUNIA

FEDORA-2007-709

vendor-advisory

x_refsource_FEDORA

26967

third-party-advisory

x_refsource_SECUNIA

27351

third-party-advisory

x_refsource_SECUNIA

php-chunksplit-security-bypass(39398)

vdb-entry

x_refsource_XF

GLSA-200710-02

vendor-advisory

x_refsource_GENTOO

27864

third-party-advisory

x_refsource_SECUNIA

http://www.php.net/releases/4_4_8.php

x_refsource_CONFIRM

1018186

vdb-entry

x_refsource_SECTRACK

SSA:2008-045-03

vendor-advisory

x_refsource_SLACKWARE

30040

third-party-advisory

x_refsource_SECUNIA

ADV-2008-0398

vdb-entry

x_refsource_VUPEN

36083

vdb-entry

x_refsource_OSVDB

28936

third-party-advisory

x_refsource_SECUNIA

26930

third-party-advisory

x_refsource_SECUNIA

FEDORA-2007-2215

vendor-advisory

x_refsource_FEDORA

25456

third-party-advisory

x_refsource_SECUNIA

RHSA-2007:0889

vendor-advisory

x_refsource_REDHAT

2007-0023

vendor-advisory

x_refsource_TRUSTIX

USN-549-1

vendor-advisory

x_refsource_UBUNTU

https://issues.rpath.com/browse/RPL-1693

x_refsource_CONFIRM

ADV-2007-3386

vdb-entry

x_refsource_VUPEN

SSRT080056

vendor-advisory

x_refsource_HP

27037

third-party-advisory

x_refsource_SECUNIA

ADV-2007-2061

vdb-entry

x_refsource_VUPEN

https://issues.rpath.com/browse/RPL-1702

x_refsource_CONFIRM

27545

third-party-advisory

x_refsource_SECUNIA

http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm

x_refsource_CONFIRM

SSA:2007-152-01

vendor-advisory

x_refsource_SLACKWARE

26838

third-party-advisory

x_refsource_SECUNIA

http://www.php.net/releases/5_2_3.php

x_refsource_CONFIRM

SSRT071447

vendor-advisory

x_refsource_HP

27377

third-party-advisory

x_refsource_SECUNIA

HPSBUX02332

vendor-advisory

x_refsource_HP

HPSBUX02262

vendor-advisory

x_refsource_HP

25535

third-party-advisory

x_refsource_SECUNIA

MDKSA-2007:187

vendor-advisory

x_refsource_MANDRIVA

http://www.php.net/ChangeLog-4.php

x_refsource_CONFIRM

27102

third-party-advisory

x_refsource_SECUNIA

26895

third-party-advisory

x_refsource_SECUNIA

SSRT080010

vendor-advisory

x_refsource_HP

28318

third-party-advisory

x_refsource_SECUNIA

USN-549-2

vendor-advisory

x_refsource_UBUNTU

RHSA-2007:0890

vendor-advisory

x_refsource_REDHAT

HPSBUX02308

vendor-advisory

x_refsource_HP

RHSA-2007:0891

vendor-advisory

x_refsource_REDHAT

26871

third-party-advisory

x_refsource_SECUNIA

20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow

mailing-list

x_refsource_BUGTRAQ

oval:org.mitre.oval:def:9424

vdb-entry

signature

x_refsource_OVAL

SUSE-SA:2007:044

vendor-advisory

x_refsource_SUSE

24261

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-2872

Description

Affected Products

References