fkie_cve-2007-1777
Vulnerability from fkie_nvd
Published
2007-03-30 01:19
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| php | php | 3.0 | |
| php | php | 3.0.1 | |
| php | php | 3.0.2 | |
| php | php | 3.0.3 | |
| php | php | 3.0.4 | |
| php | php | 3.0.5 | |
| php | php | 3.0.6 | |
| php | php | 3.0.7 | |
| php | php | 3.0.8 | |
| php | php | 3.0.9 | |
| php | php | 3.0.10 | |
| php | php | 3.0.11 | |
| php | php | 3.0.12 | |
| php | php | 3.0.13 | |
| php | php | 3.0.14 | |
| php | php | 3.0.15 | |
| php | php | 3.0.16 | |
| php | php | 3.0.17 | |
| php | php | 3.0.18 | |
| php | php | 4.0.0 | |
| php | php | 4.0.1 | |
| php | php | 4.0.1 | |
| php | php | 4.0.1 | |
| php | php | 4.0.2 | |
| php | php | 4.0.3 | |
| php | php | 4.0.3 | |
| php | php | 4.0.4 | |
| php | php | 4.0.4 | |
| php | php | 4.0.5 | |
| php | php | 4.0.6 | |
| php | php | 4.0.7 | |
| php | php | 4.0.7 | |
| php | php | 4.0.7 | |
| php | php | 4.0.7 | |
| php | php | 4.1.0 | |
| php | php | 4.1.1 | |
| php | php | 4.1.2 | |
| php | php | 4.2 | |
| php | php | 4.2.0 | |
| php | php | 4.2.1 | |
| php | php | 4.2.2 | |
| php | php | 4.2.3 | |
| php | php | 4.3.0 | |
| php | php | 4.3.1 | |
| php | php | 4.3.2 | |
| php | php | 4.3.3 | |
| php | php | 4.3.4 | |
| php | php | 4.3.5 | |
| php | php | 4.3.6 | |
| php | php | 4.3.7 | |
| php | php | 4.3.8 | |
| php | php | 4.3.9 | |
| php | php | 4.3.10 | |
| php | php | 4.3.11 | |
| php | php | 4.4.0 | |
| php | php | 4.4.1 | |
| php | php | 4.4.2 | |
| php | php | 4.4.3 | |
| php | php | 4.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "245C601D-0FE7-47E3-8304-6FF45E9567D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691BB8BB-329A-4640-B758-7590C99B5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BC4CCE-2774-463E-82EA-36CD442D3A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C478024C-2FCD-463F-A75E-E04660AA9DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9C32F4-5102-4E9B-9F32-B24B65A5ED2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BD99C0-E875-496E-BE5E-A8DCBD414B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1851ADE5-C70C-46E0-941A-6ADF7DB5C126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69DA3BA2-AF53-4C9D-93FA-0317841595B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0CFEE5-2274-4BBC-A24A-3A0D13F607FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "67B59D6A-7EDA-4C34-81D6-C2557C85D164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBA40B6-8FDF-41AA-8166-F491FF7F3118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E74E2B72-A428-4BB3-B6F8-0AF5E487A807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2F1D82-8E6A-4FBF-9055-A0F395DC17FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "945FF149-3446-4905-BCA1-C397E3497B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8E446DBD-FEFA-4D22-9C9D-51F61C01E414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8DE728-78E1-4F9F-BC56-CD9B10E61287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "80E31CC6-9356-4BB7-9F49-320AAF341E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB8AD3A-9181-459A-9AF2-B3FC6BAF6FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3E7199-8FB7-4930-9C0A-A36A698940B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF57C14-86B6-419A-BAFF-93D01CB1E081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "419867C6-37BE-43B4-BFE0-6325FEE3807D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "37896E87-95C2-4039-8362-BC03B1C56706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8667FBC6-04B6-40E5-93B3-6C22BEED4B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*",
"matchCriteriaId": "9B8B3138-3DCC-4682-B9A8-920E1110700D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC6A6F47-5C7C-4F82-B23B-9C959C69B27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE1A4DA6-6181-43A8-B0D8-5A016C3E75FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6E36203C-1392-49BB-AE7E-49626963D673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*",
"matchCriteriaId": "BBA861A2-F0CD-4DBB-B43A-4970EB114DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5245F990-B4A7-4ED8-909D-B8137CE79FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F9DF9D-15E5-4387-ABE3-A7583331A928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "11579E5C-D7CF-46EE-B015-5F4185C174E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C69CDE21-2FD4-4529-8F02-8709CF5E3D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "221B9AC4-C63C-4386-B3BD-E4BC102C6124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B7BA75-2A32-4A8E-ADF8-BCB4FC48CB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEA491B-77FD-4760-8F6F-3EBC6BD810D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB25CFBB-347C-479E-8853-F49DD6CBD7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2937B3-D034-400E-84F5-33833CE3764D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71AEE8B4-FCF8-483B-8D4C-2E80A02E925E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n zip_read_entry en PHP 4 versiones anteriores a 4.4.5 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero ZIP que contiene una entrada con un valor de longitud 0xffffffff, que se incrementa antes de ser usado en la llamada a emalloc, disparando un desbordamiento de mont\u00f3n."
}
],
"id": "CVE-2007-1777",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-30T01:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25025"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25062"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1282"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1283"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:130"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.php-security.org/MOPB/MOPB-35-2007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23169"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.php-security.org/MOPB/MOPB-35-2007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33652"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. The zip extension was not distributed with PHP as\nshipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or\nRed Hat Application Stack 1.\n",
"lastModified": "2007-04-16T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…