NVD

CVE-2007-3998 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Description

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 5.0 MEDIUM

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Vendor Statements (disclaimer)

Official Statement from Red Hat (09/05/2007)

This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html	CVE, MITRE	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2007-0889.html	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/26642	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/26822	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/26838	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/26871	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/26895	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/26930	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/26967	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/27102	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/27377	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/27545	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/27864	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/28249	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/28658	CVE, MITRE	Third Party Advisory
http://secunia.com/advisories/30288	CVE, MITRE	Third Party Advisory
http://secweb.se/en/advisories/php-wordwrap-vulnerability/	CVE, MITRE	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm	CVE, MITRE	Third Party Advisory
http://www.debian.org/security/2008/dsa-1444	CVE, MITRE	Third Party Advisory
http://www.debian.org/security/2008/dsa-1578	CVE, MITRE	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml	CVE, MITRE	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187	CVE, MITRE	Third Party Advisory
http://www.php.net/ChangeLog-5.php#5.2.4	CVE, MITRE	Vendor Advisory
http://www.php.net/releases/5_2_4.php	CVE, MITRE	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0890.html	CVE, MITRE	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0891.html	CVE, MITRE	Third Party Advisory
http://www.trustix.org/errata/2007/0026/	CVE, MITRE	Broken Link
http://www.ubuntu.com/usn/usn-549-2	CVE, MITRE	Third Party Advisory
http://www.vupen.com/english/advisories/2007/3023	CVE, MITRE	Permissions Required Third Party Advisory
https://issues.rpath.com/browse/RPL-1693	CVE, MITRE	Broken Link
https://issues.rpath.com/browse/RPL-1702	CVE, MITRE	Broken Link
https://launchpad.net/bugs/173043	CVE, MITRE	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10603	CVE, MITRE	Third Party Advisory
https://usn.ubuntu.com/549-1/	CVE, MITRE	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html	CVE, MITRE	Third Party Advisory

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-20	Improper Input Validation	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

CVE Modified by CVE 11/20/2024 7:34:33 PM

Action	Type	New Value
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
Added	Reference	http://rhn.redhat.com/errata/RHSA-2007-0889.html
Added	Reference	http://secunia.com/advisories/26642
Added	Reference	http://secunia.com/advisories/26822
Added	Reference	http://secunia.com/advisories/26838
Added	Reference	http://secunia.com/advisories/26871
Added	Reference	http://secunia.com/advisories/26895
Added	Reference	http://secunia.com/advisories/26930
Added	Reference	http://secunia.com/advisories/26967
Added	Reference	http://secunia.com/advisories/27102
Added	Reference	http://secunia.com/advisories/27377
Added	Reference	http://secunia.com/advisories/27545
Added	Reference	http://secunia.com/advisories/27864
Added	Reference	http://secunia.com/advisories/28249
Added	Reference	http://secunia.com/advisories/28658
Added	Reference	http://secunia.com/advisories/30288
Added	Reference	http://secweb.se/en/advisories/php-wordwrap-vulnerability/
Added	Reference	http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
Added	Reference	http://www.debian.org/security/2008/dsa-1444
Added	Reference	http://www.debian.org/security/2008/dsa-1578
Added	Reference	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Added	Reference	http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
Added	Reference	http://www.php.net/ChangeLog-5.php#5.2.4
Added	Reference	http://www.php.net/releases/5_2_4.php
Added	Reference	http://www.redhat.com/support/errata/RHSA-2007-0890.html
Added	Reference	http://www.redhat.com/support/errata/RHSA-2007-0891.html
Added	Reference	http://www.trustix.org/errata/2007/0026/
Added	Reference	http://www.ubuntu.com/usn/usn-549-2
Added	Reference	http://www.vupen.com/english/advisories/2007/3023
Added	Reference	https://issues.rpath.com/browse/RPL-1693
Added	Reference	https://issues.rpath.com/browse/RPL-1702
Added	Reference	https://launchpad.net/bugs/173043
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10603
Added	Reference	https://usn.ubuntu.com/549-1/
Added	Reference	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html

Modified Analysis by NIST 10/26/2018 9:59:58 AM

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:a:php:php::::::::* versions up to (including) 4.4.7 cpe:2.3:a:php:php::::::::* versions up to (including) 5.2.3	OR cpe:2.3:o:debian:debian_linux:3.1::::::: cpe:2.3:o:debian:debian_linux:4.0:::::::
Added	CPE Configuration		OR cpe:2.3:a:php:php::::::::* versions from (including) 4.0.0 up to (excluding) 4.4.8 cpe:2.3:a:php:php::::::::* versions from (including) 5.0.0 up to (excluding) 5.2.4
Added	CPE Configuration		OR cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::* cpe:2.3:o:canonical:ubuntu_linux:6.10::::::: cpe:2.3:o:canonical:ubuntu_linux:7.04::::::: cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::
Changed	Reference Type	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html No Types Assigned	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html Third Party Advisory
Changed	Reference Type	http://rhn.redhat.com/errata/RHSA-2007-0889.html No Types Assigned	http://rhn.redhat.com/errata/RHSA-2007-0889.html Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/26642 Patch, Vendor Advisory	http://secunia.com/advisories/26642 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/26822 No Types Assigned	http://secunia.com/advisories/26822 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/26838 No Types Assigned	http://secunia.com/advisories/26838 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/26871 No Types Assigned	http://secunia.com/advisories/26871 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/26895 No Types Assigned	http://secunia.com/advisories/26895 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/26930 No Types Assigned	http://secunia.com/advisories/26930 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/26967 No Types Assigned	http://secunia.com/advisories/26967 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/27102 No Types Assigned	http://secunia.com/advisories/27102 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/27377 No Types Assigned	http://secunia.com/advisories/27377 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/27545 No Types Assigned	http://secunia.com/advisories/27545 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/27864 No Types Assigned	http://secunia.com/advisories/27864 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/28249 No Types Assigned	http://secunia.com/advisories/28249 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/28658 No Types Assigned	http://secunia.com/advisories/28658 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/30288 No Types Assigned	http://secunia.com/advisories/30288 Third Party Advisory
Changed	Reference Type	http://secweb.se/en/advisories/php-wordwrap-vulnerability/ No Types Assigned	http://secweb.se/en/advisories/php-wordwrap-vulnerability/ Third Party Advisory
Changed	Reference Type	http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm No Types Assigned	http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm Third Party Advisory
Changed	Reference Type	http://www.debian.org/security/2008/dsa-1444 No Types Assigned	http://www.debian.org/security/2008/dsa-1444 Third Party Advisory
Changed	Reference Type	http://www.debian.org/security/2008/dsa-1578 No Types Assigned	http://www.debian.org/security/2008/dsa-1578 Third Party Advisory
Changed	Reference Type	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml No Types Assigned	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml Third Party Advisory
Changed	Reference Type	http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 No Types Assigned	http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 Third Party Advisory
Changed	Reference Type	http://www.php.net/ChangeLog-5.php#5.2.4 Patch	http://www.php.net/ChangeLog-5.php#5.2.4 Vendor Advisory
Changed	Reference Type	http://www.php.net/releases/5_2_4.php No Types Assigned	http://www.php.net/releases/5_2_4.php Vendor Advisory
Changed	Reference Type	http://www.redhat.com/support/errata/RHSA-2007-0890.html No Types Assigned	http://www.redhat.com/support/errata/RHSA-2007-0890.html Third Party Advisory
Changed	Reference Type	http://www.redhat.com/support/errata/RHSA-2007-0891.html No Types Assigned	http://www.redhat.com/support/errata/RHSA-2007-0891.html Third Party Advisory
Changed	Reference Type	http://www.trustix.org/errata/2007/0026/ No Types Assigned	http://www.trustix.org/errata/2007/0026/ Broken Link
Changed	Reference Type	http://www.ubuntu.com/usn/usn-549-2 No Types Assigned	http://www.ubuntu.com/usn/usn-549-2 Third Party Advisory
Changed	Reference Type	http://www.vupen.com/english/advisories/2007/3023 No Types Assigned	http://www.vupen.com/english/advisories/2007/3023 Permissions Required, Third Party Advisory
Changed	Reference Type	https://issues.rpath.com/browse/RPL-1693 No Types Assigned	https://issues.rpath.com/browse/RPL-1693 Broken Link
Changed	Reference Type	https://issues.rpath.com/browse/RPL-1702 No Types Assigned	https://issues.rpath.com/browse/RPL-1702 Broken Link
Changed	Reference Type	https://launchpad.net/bugs/173043 No Types Assigned	https://launchpad.net/bugs/173043 Third Party Advisory
Changed	Reference Type	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10603 No Types Assigned	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10603 Third Party Advisory
Changed	Reference Type	https://usn.ubuntu.com/549-1/ No Types Assigned	https://usn.ubuntu.com/549-1/ Third Party Advisory
Changed	Reference Type	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html No Types Assigned	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html Third Party Advisory

Quick Info

CVE Dictionary Entry:
CVE-2007-3998
NVD Published Date:
09/04/2007
NVD Last Modified:
04/08/2025
Source:
MITRE

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2007-3998 Detail

Description

Metrics

Vendor Statements (disclaimer)

Official Statement from Red Hat (09/05/2007)

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 7:34:33 PM

CVE Modified by MITRE 5/13/2024 9:46:54 PM

Modified Analysis by NIST 10/26/2018 9:59:58 AM

CVE Modified by MITRE 10/03/2018 5:47:51 PM

CVE Modified by MITRE 9/28/2017 9:29:11 PM

Initial CVE Analysis 9/05/2007 8:43:00 AM

Quick Info