PT-2007-2701 · Php+1

Published: 2007-03-06 · Updated: 2018-10-16 · CVE-2007-1286

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
PHP versions prior to 4.4.4

Description
The issue is caused by an integer overflow in the unserialize function when handling long strings, allowing remote context-dependent attackers to execute arbitrary code. This is triggered by the overflow in the ZVAL reference counter.

Recommendations
For PHP versions prior to 4.4.4, update to a version that contains a fix for this issue to prevent the execution of arbitrary code. As a temporary workaround, consider restricting the use of the unserialize function until a patch is available.

Related identifiers

CVE-2007-1286
DSA-1282-1
DSA-1283-1
DTSA-39-1
DTSA-40-1
RHSA-2007:0154
RHSA-2007:0155
RHSA-2007:0163
RHSA-2007_0155

Affected products

Php
Red Hat