CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
96.7%
The chunk_split function in string.c in PHP 5.2.3 does not properly
calculate the needed buffer size due to precision loss when performing
integer arithmetic with floating point numbers, which has unknown attack
vectors and impact, possibly resulting in a heap-based buffer overflow.
NOTE: this is due to an incomplete fix for CVE-2007-2872.