PT-2007-2701 · Php +1

Published: 2007-03-06 · Updated: 2018-10-16 · CVE-2007-1286

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.4

Description: The issue is caused by an integer overflow in the unserialize function when it handles long strings, which allows remote, context-dependent attackers to execute arbitrary code. The overflow occurs in the ZVAL reference counter.

Recommendations: For PHP versions prior to 4.4.4, update to a version that contains a fix for this issue to prevent the execution of arbitrary code. As a temporary workaround, consider restricting the use of the unserialize function until a patch is available.


Related Identifiers

CVE-2007-1286
DSA-1282-1
DSA-1283-1
DTSA-39-1
DTSA-40-1
RHSA-2007:0154
RHSA-2007:0155
RHSA-2007:0163
RHSA-2007_0155

Affected Products

Php
Red Hat