QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-4657

Back to search

CVE-2007-4657

Published: Sep 4, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

VendorProductVersions

n/a

n/a

affected
n/a

References

30288
third-party-advisory
x_refsource_SECUNIA
php-strcspn-overflow(36388)
vdb-entry
x_refsource_XF
26822
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0059
vdb-entry
x_refsource_VUPEN
DSA-1444
vendor-advisory
x_refsource_DEBIAN
GLSA-200710-02
vendor-advisory
x_refsource_GENTOO
27864
third-party-advisory
x_refsource_SECUNIA
SSA:2008-045-03
vendor-advisory
x_refsource_SLACKWARE
28936
third-party-advisory
x_refsource_SECUNIA
2007-0026
vendor-advisory
x_refsource_TRUSTIX
USN-549-1
vendor-advisory
x_refsource_UBUNTU
28249
third-party-advisory
x_refsource_SECUNIA
DSA-1578
vendor-advisory
x_refsource_DEBIAN
26838
third-party-advisory
x_refsource_SECUNIA
27377
third-party-advisory
x_refsource_SECUNIA
27102
third-party-advisory
x_refsource_SECUNIA
ADV-2007-3023
vdb-entry
x_refsource_VUPEN
28318
third-party-advisory
x_refsource_SECUNIA
USN-549-2
vendor-advisory
x_refsource_UBUNTU
26642
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now