PT-2007-3234 · Sqlite+1 · Sqlite+1

Published: 2007-04-05 · Updated: 2018-10-30 · CVE-2007-1888

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SQLite 2; PHP versions 4.x through 5.x
Description: A buffer overflow in the sqlite_decode_binary() function allows context-dependent attackers to execute arbitrary code via an empty value of the `in` parameter. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.
Recommendations: For SQLite 2, consider disabling the sqlite_decode_binary() function until a patch is available. For PHP versions 4.x through 5.x, restrict the use of the sqlite_decode_binary() function in the SQLite API to minimize the risk of exploitation.

Related identifiers

CVE-2007-1888

Affected products

PHP
SQLite