CVE-2007-2872
Detail
Deferred This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Current Description
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Analysis
Description
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
URL
Source(s)
Tag(s)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
CVE, Inc., Red Hat
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
CVE, Inc., Red Hat
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
CVE, Inc., Red Hat
http://osvdb.org/36083
CVE, Inc., Red Hat
http://rhn.redhat.com/errata/RHSA-2007-0889.html
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/25456
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/25535
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/26048
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/26231
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/26838
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/26871
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/26895
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/26930
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/26967
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/27037
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/27102
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/27110
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/27351
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/27377
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/27545
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/27864
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/28318
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/28658
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/28750
CVE, Inc., Red Hat
http://secunia.com/advisories/28936
CVE, Inc., Red Hat
http://secunia.com/advisories/30040
CVE, Inc., Red Hat
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
CVE, Inc., Red Hat
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
CVE, Inc., Red Hat
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
CVE, Inc., Red Hat
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
CVE, Inc., Red Hat
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
CVE, Inc., Red Hat
http://www.php.net/ChangeLog-4.php
CVE, Inc., Red Hat
http://www.php.net/releases/4_4_8.php
CVE, Inc., Red Hat
http://www.php.net/releases/5_2_3.php
CVE, Inc., Red Hat
Patch
http://www.redhat.com/support/errata/RHSA-2007-0888.html
CVE, Inc., Red Hat
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0890.html
CVE, Inc., Red Hat
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0891.html
CVE, Inc., Red Hat
http://www.sec-consult.com/291.html
CVE, Inc., Red Hat
http://www.securityfocus.com/archive/1/470244/100/0/threaded
CVE, Inc., Red Hat
http://www.securityfocus.com/archive/1/491693/100/0/threaded
CVE, Inc., Red Hat
http://www.securityfocus.com/bid/24261
CVE, Inc., Red Hat
http://www.securitytracker.com/id?1018186
CVE, Inc., Red Hat
http://www.trustix.org/errata/2007/0023/
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/usn-549-2
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/2061
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/3386
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2008/0059
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2008/0398
CVE, Inc., Red Hat
https://exchange.xforce.ibmcloud.com/vulnerabilities/39398
CVE, Inc., Red Hat
https://issues.rpath.com/browse/RPL-1693
CVE, Inc., Red Hat
https://issues.rpath.com/browse/RPL-1702
CVE, Inc., Red Hat
https://launchpad.net/bugs/173043
CVE, Inc., Red Hat
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424
CVE, Inc., Red Hat
https://usn.ubuntu.com/549-1/
CVE, Inc., Red Hat
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
CVE, Inc., Red Hat
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
CVE, Inc., Red Hat
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-189
Numeric Errors
NIST  
Change History
10 change records found show changes
CVE Modified by CVE 11/20/2024 7:31:51 PM
Action
Type
Old Value
New Value
Added
Reference
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
Added
Reference
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
Added
Reference
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
Added
Reference
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
Added
Reference
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
Added
Reference
http://osvdb.org/36083
Added
Reference
http://rhn.redhat.com/errata/RHSA-2007-0889.html
Added
Reference
http://secunia.com/advisories/25456
Added
Reference
http://secunia.com/advisories/25535
Added
Reference
http://secunia.com/advisories/26048
Added
Reference
http://secunia.com/advisories/26231
Added
Reference
http://secunia.com/advisories/26838
Added
Reference
http://secunia.com/advisories/26871
Added
Reference
http://secunia.com/advisories/26895
Added
Reference
http://secunia.com/advisories/26930
Added
Reference
http://secunia.com/advisories/26967
Added
Reference
http://secunia.com/advisories/27037
Added
Reference
http://secunia.com/advisories/27102
Added
Reference
http://secunia.com/advisories/27110
Added
Reference
http://secunia.com/advisories/27351
Added
Reference
http://secunia.com/advisories/27377
Added
Reference
http://secunia.com/advisories/27545
Added
Reference
http://secunia.com/advisories/27864
Added
Reference
http://secunia.com/advisories/28318
Added
Reference
http://secunia.com/advisories/28658
Added
Reference
http://secunia.com/advisories/28750
Added
Reference
http://secunia.com/advisories/28936
Added
Reference
http://secunia.com/advisories/30040
Added
Reference
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
Added
Reference
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
Added
Reference
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
Added
Reference
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Added
Reference
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
Added
Reference
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
Added
Reference
http://www.php.net/ChangeLog-4.php
Added
Reference
http://www.php.net/releases/4_4_8.php
Added
Reference
http://www.php.net/releases/5_2_3.php
Added
Reference
http://www.redhat.com/support/errata/RHSA-2007-0888.html
Added
Reference
http://www.redhat.com/support/errata/RHSA-2007-0890.html
Added
Reference
http://www.redhat.com/support/errata/RHSA-2007-0891.html
Added
Reference
http://www.sec-consult.com/291.html
Added
Reference
http://www.securityfocus.com/archive/1/470244/100/0/threaded
Added
Reference
http://www.securityfocus.com/archive/1/491693/100/0/threaded
Added
Reference
http://www.securityfocus.com/archive/1/491693/100/0/threaded
Added
Reference
http://www.securityfocus.com/bid/24261
Added
Reference
http://www.securitytracker.com/id?1018186
Added
Reference
http://www.trustix.org/errata/2007/0023/
Added
Reference
http://www.ubuntu.com/usn/usn-549-2
Added
Reference
http://www.vupen.com/english/advisories/2007/2061
Added
Reference
http://www.vupen.com/english/advisories/2007/3386
Added
Reference
http://www.vupen.com/english/advisories/2008/0059
Added
Reference
http://www.vupen.com/english/advisories/2008/0398
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/39398
Added
Reference
https://issues.rpath.com/browse/RPL-1693
Added
Reference
https://issues.rpath.com/browse/RPL-1702
Added
Reference
https://launchpad.net/bugs/173043
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424
Added
Reference
https://usn.ubuntu.com/549-1/
Added
Reference
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
Added
Reference
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
CVE Modified by Red Hat, Inc. 5/13/2024 9:45:36 PM
Action
Type
Old Value
New Value
CVE Modified by Red Hat, Inc. 2/12/2023 9:17:54 PM
Action
Type
Old Value
New Value
Changed
Description
CVE-2007-2872 php chunk_split integer overflow
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Removed
Reference
https://access.redhat.com/errata/RHSA-2007:0888 [No Types Assigned]
Removed
Reference
https://access.redhat.com/errata/RHSA-2007:0889 [No Types Assigned]
Removed
Reference
https://access.redhat.com/errata/RHSA-2007:0890 [No Types Assigned]
Removed
Reference
https://access.redhat.com/errata/RHSA-2007:0891 [No Types Assigned]
Removed
Reference
https://access.redhat.com/security/cve/CVE-2007-2872 [No Types Assigned]
Removed
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=242032 [No Types Assigned]
CVE Modified by Red Hat, Inc. 2/02/2023 11:15:14 AM
Action
Type
Old Value
New Value
Changed
Description
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
CVE-2007-2872 php chunk_split integer overflow
Added
Reference
https://access.redhat.com/errata/RHSA-2007:0888 [No Types Assigned]
Added
Reference
https://access.redhat.com/errata/RHSA-2007:0889 [No Types Assigned]
Added
Reference
https://access.redhat.com/errata/RHSA-2007:0890 [No Types Assigned]
Added
Reference
https://access.redhat.com/errata/RHSA-2007:0891 [No Types Assigned]
Added
Reference
https://access.redhat.com/security/cve/CVE-2007-2872 [No Types Assigned]
Added
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=242032 [No Types Assigned]
CPE Deprecation Remap by NIST 10/30/2018 12:25:35 PM
Action
Type
Old Value
New Value
Changed
CPE Configuration
OR
*cpe:2.3:a:php:php:5.1:*:*:*:*:*:*:*
OR
*cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
CVE Modified by Red Hat, Inc. 10/16/2018 12:46:19 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.securityfocus.com/archive/1/470244/100/0/threaded [No Types Assigned]
Added
Reference
http://www.securityfocus.com/archive/1/491693/100/0/threaded [No Types Assigned]
Removed
Reference
http://www.securityfocus.com/archive/1/archive/1/470244/100/0/threaded [No Types Assigned]
Removed
Reference
http://www.securityfocus.com/archive/1/archive/1/491693/100/0/threaded [No Types Assigned]
CVE Modified by Red Hat, Inc. 10/03/2018 5:47:12 PM
Action
Type
Old Value
New Value
Added
Reference
https://usn.ubuntu.com/549-1/ [No Types Assigned]
Removed
Reference
http://www.ubuntulinux.org/support/documentation/usn/usn-549-1 [No Types Assigned]
CVE Modified by Red Hat, Inc. 10/10/2017 9:32:25 PM
Action
Type
Old Value
New Value
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9424 [No Types Assigned]
CVE Modified by Red Hat, Inc. 7/28/2017 9:31:48 PM
Action
Type
Old Value
New Value
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/39398 [No Types Assigned]
Removed
Reference
http://xforce.iss.net/xforce/xfdb/39398 [No Types Assigned]
Initial CVE Analysis 6/05/2007 8:38:00 AM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2007-2872 NVD
Published Date: 06/04/2007 NVD
Last Modified: 04/08/2025
Source: Red Hat, Inc.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
