CVE-2007-1375

Name of the Vulnerable Software and Affected Versions PHP versions 5.2.1 and earlier

Description The issue is related to an integer overflow in the substr compare() function, which allows attackers to read sensitive memory by providing a large value in the length argument. This integer overflow occurs during sanity checks on input parameters, enabling the comparison of offsets outside the allocated buffer and leading to memory access outside the buffer. As a result, sensitive information can be retrieved, causing a loss of confidentiality.

Recommendations For PHP versions 5.2.1 and earlier, consider updating to a newer version to mitigate the risk, as the substr compare() function's integer overflow can be exploited to access sensitive memory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.