NVD

CVE-2007-4657 Detail

Description

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 7.5 HIGH

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Vendor Statements (disclaimer)

Official Statement from Red Hat (09/05/2007)

The only effect of this bug is to cause the process to read from a random segment of memory, if a large "length" parameter is passed to the strspn/strcspn function, which is under the control of the script author. This bug has no security impact.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability/	Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136	Mailing List Third Party Advisory
http://www.debian.org/security/2008/dsa-1444	Third Party Advisory
http://www.debian.org/security/2008/dsa-1578	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml	Third Party Advisory
http://www.php.net/ChangeLog-4.php	Vendor Advisory
http://www.php.net/ChangeLog-5.php#5.2.4	Patch Vendor Advisory
http://www.php.net/releases/4_4_8.php	Vendor Advisory
http://www.php.net/releases/5_2_4.php	Vendor Advisory
http://www.trustix.org/errata/2007/0026/	Broken Link
http://www.ubuntu.com/usn/usn-549-2	Broken Link
http://www.vupen.com/english/advisories/2007/3023	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0059	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36388	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39399	Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-1693	Broken Link
https://issues.rpath.com/browse/RPL-1702	Broken Link
https://launchpad.net/bugs/173043	Third Party Advisory
https://usn.ubuntu.com/549-1/	Third Party Advisory

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer	NIST
CWE-189	Numeric Errors	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

Modified Analysis by NIST 10/26/2018 10:05:07 AM

Action	Type	Old Value	New Value
Added	CPE Configuration		OR cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::* cpe:2.3:o:canonical:ubuntu_linux:6.10::::::: cpe:2.3:o:canonical:ubuntu_linux:7.04::::::: cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::
Added	CPE Configuration		OR cpe:2.3:o:debian:debian_linux:3.1::::::: cpe:2.3:o:debian:debian_linux:4.0:::::::
Changed	CPE Configuration	OR cpe:2.3:a:php:php::::::::* versions up to (including) 4.4.7 cpe:2.3:a:php:php::::::::* versions up to (including) 5.2.3	OR cpe:2.3:a:php:php::::::::* versions from (including) 4.0.0 up to (excluding) 4.4.8 cpe:2.3:a:php:php::::::::* versions from (including) 5.0.0 up to (excluding) 5.2.4
Changed	Reference Type	http://secunia.com/advisories/26642 Patch, Vendor Advisory	http://secunia.com/advisories/26642 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/26822 No Types Assigned	http://secunia.com/advisories/26822 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/26838 No Types Assigned	http://secunia.com/advisories/26838 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/27102 No Types Assigned	http://secunia.com/advisories/27102 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/27377 No Types Assigned	http://secunia.com/advisories/27377 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/27864 No Types Assigned	http://secunia.com/advisories/27864 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/28249 No Types Assigned	http://secunia.com/advisories/28249 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/28318 No Types Assigned	http://secunia.com/advisories/28318 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/28936 No Types Assigned	http://secunia.com/advisories/28936 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/30288 No Types Assigned	http://secunia.com/advisories/30288 Third Party Advisory
Changed	Reference Type	http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability/ Exploit, Patch	http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability/ Third Party Advisory
Changed	Reference Type	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 No Types Assigned	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 Mailing List, Third Party Advisory
Changed	Reference Type	http://www.debian.org/security/2008/dsa-1444 No Types Assigned	http://www.debian.org/security/2008/dsa-1444 Third Party Advisory
Changed	Reference Type	http://www.debian.org/security/2008/dsa-1578 No Types Assigned	http://www.debian.org/security/2008/dsa-1578 Third Party Advisory
Changed	Reference Type	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml No Types Assigned	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml Third Party Advisory
Changed	Reference Type	http://www.php.net/ChangeLog-4.php No Types Assigned	http://www.php.net/ChangeLog-4.php Vendor Advisory
Changed	Reference Type	http://www.php.net/ChangeLog-5.php#5.2.4 Patch	http://www.php.net/ChangeLog-5.php#5.2.4 Patch, Vendor Advisory
Changed	Reference Type	http://www.php.net/releases/4_4_8.php No Types Assigned	http://www.php.net/releases/4_4_8.php Vendor Advisory
Changed	Reference Type	http://www.php.net/releases/5_2_4.php No Types Assigned	http://www.php.net/releases/5_2_4.php Vendor Advisory
Changed	Reference Type	http://www.trustix.org/errata/2007/0026/ No Types Assigned	http://www.trustix.org/errata/2007/0026/ Broken Link
Changed	Reference Type	http://www.ubuntu.com/usn/usn-549-2 No Types Assigned	http://www.ubuntu.com/usn/usn-549-2 Broken Link
Changed	Reference Type	http://www.vupen.com/english/advisories/2007/3023 No Types Assigned	http://www.vupen.com/english/advisories/2007/3023 Third Party Advisory
Changed	Reference Type	http://www.vupen.com/english/advisories/2008/0059 No Types Assigned	http://www.vupen.com/english/advisories/2008/0059 Third Party Advisory
Changed	Reference Type	https://exchange.xforce.ibmcloud.com/vulnerabilities/36388 No Types Assigned	https://exchange.xforce.ibmcloud.com/vulnerabilities/36388 Third Party Advisory, VDB Entry
Changed	Reference Type	https://exchange.xforce.ibmcloud.com/vulnerabilities/39399 No Types Assigned	https://exchange.xforce.ibmcloud.com/vulnerabilities/39399 Third Party Advisory, VDB Entry
Changed	Reference Type	https://issues.rpath.com/browse/RPL-1693 No Types Assigned	https://issues.rpath.com/browse/RPL-1693 Broken Link
Changed	Reference Type	https://issues.rpath.com/browse/RPL-1702 No Types Assigned	https://issues.rpath.com/browse/RPL-1702 Broken Link
Changed	Reference Type	https://launchpad.net/bugs/173043 No Types Assigned	https://launchpad.net/bugs/173043 Third Party Advisory
Changed	Reference Type	https://usn.ubuntu.com/549-1/ No Types Assigned	https://usn.ubuntu.com/549-1/ Third Party Advisory

Quick Info

CVE Dictionary Entry:
CVE-2007-4657
NVD Published Date:
09/04/2007
NVD Last Modified:
10/26/2018
Source:
MITRE

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2007-4657 Detail

Description

Metrics

Vendor Statements (disclaimer)

Official Statement from Red Hat (09/05/2007)

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by MITRE 5/13/2024 9:47:38 PM

Modified Analysis by NIST 10/26/2018 10:05:07 AM

CVE Modified by MITRE 10/03/2018 5:48:11 PM

CVE Modified by MITRE 7/28/2017 9:33:05 PM

Initial CVE Analysis 9/05/2007 10:06:00 AM

Quick Info