ID CVE-2007-4661
Summary The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 03-10-2018 - 21:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm
gentoo GLSA-200710-02
misc http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59
secunia
  • 26642
  • 26838
  • 27102
  • 27864
  • 28658
suse SUSE-SA:2008:004
ubuntu
  • USN-549-1
  • USN-549-2
statements via4
  • contributor Vincent Danen
    lastmodified 2007-09-18
    organization Mandriva
    statement Not vulnerable. Mandriva has not issued an update to date to fix CVE-2007-2872 and the updates in progress are using a correct fix.
  • contributor Mark J Cox
    lastmodified 2007-09-05
    organization Red Hat
    statement Not vulnerable. Red Hat did not include an incomplete fix for CVE-2007-2872 for PHP in Red Hat Enterprise Linux or Red Hat Application Stack.
Last major update 03-10-2018 - 21:48
Published 04-09-2007 - 22:17