Stay Connected:

CVE-2007-4782

CVE Details

Release Date:2007-09-10
Impact:Low What is this?

Description


PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a *[1]e value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a stack extension attack, a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.

See more information about CVE-2007-4782 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v2 metrics

Base Score: 5.0
Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
Version: 2.0
Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Errata information


PlatformErrataRelease Date
Oracle Enterprise Linux version 3 (php)ELSA-2008-05442008-07-16
Oracle Enterprise Linux version 4 (php)ELSA-2008-05452008-07-16
Oracle Linux version 5 (php)ELSA-2008-05442008-07-16


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights