Lucene search

MitreCVE-2007-1889

HistoryApr 06, 2007 - 1:19 a.m.

CVE-2007-1889

2007-04-0601:19:00

mitre

web.nvd.nist.gov

cve-2007-1889

zend memory manager

php 5.2.0

remote code execution

integer signedness error

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.201

Percentile

96.4%

JSON

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.

Affected configurations

Nvd

Node

phpphpMatch5.2.0

VendorProductVersionCPE
phpphp5.2.0cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	5.2.0	cpe:2.3:a:php:php:5.2.0:::::::*

References

secunia.com/advisories/25056

secunia.com/advisories/25062

www.debian.org/security/2007/dsa-1283

www.novell.com/linux/security/advisories/2007_32_php.html

www.php-security.org/MOPB/MOPB-43-2007.html

www.php-security.org/MOPB/MOPB-44-2007.html

www.securityfocus.com/bid/23238

exchange.xforce.ibmcloud.com/vulnerabilities/33770

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.201

Percentile

96.4%

JSON

Related for CVE-2007-1889