PT-2007-3083 · Php · Php

Published: 2007-03-27 · Updated: 2018-10-30 · CVE-2007-1717

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: PHP versions 4.0.0 through 4.4.6; PHP versions 5.0.0 through 5.2.1
Description: The mail function in PHP truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. This issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.
Recommendations: For PHP versions 4.0.0 through 4.4.6, consider updating to a version outside of this range to mitigate the risk. For PHP versions 5.0.0 through 5.2.1, consider updating to a version outside of this range to mitigate the risk. As a temporary workaround, consider modifying the mail function to handle ASCIIZ bytes properly until a patch is available.
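
One way to apply the temporary workaround at the application layer, as an added example that is not part of this advisory or of PHP itself: a wrapper that refuses to pass any field containing a NUL byte to `mail()`, so a message is rejected and logged instead of being silently truncated. The names `find_nul_fields` and `safe_mail`, the sample address and the sample body are assumptions made for illustration, and checking every field (not only the message body) goes beyond the case the description names.

```php
<?php
// Added example (hypothetical helpers, not part of PHP). Written without
// type hints or short array syntax so it also parses on the affected
// PHP 4.x / 5.x releases.

// Return the names of all fields that contain a NUL ("\0") byte.
function find_nul_fields($fields)
{
    $bad = array();
    foreach ($fields as $name => $value) {
        // strpos() is binary-safe: it inspects bytes after "\0" as well.
        if (strpos($value, "\0") !== false) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// Drop-in replacement for mail() that fails closed on embedded NUL bytes.
function safe_mail($to, $subject, $body, $headers = '')
{
    $bad = find_nul_fields(array(
        'to'      => $to,
        'subject' => $subject,
        'body'    => $body,
        'headers' => $headers,
    ));
    if (count($bad) > 0) {
        // Record the rejection so the dropped message is visible to operators.
        error_log('safe_mail: NUL byte in ' . implode(', ', $bad) . '; message not sent');
        return false;
    }
    return mail($to, $subject, $body, $headers);
}

// Constructed sample: user-supplied text followed by an application trailer
// that an affected mail() would cut off at the NUL byte.
$body = "User comment: hello\0\n-- trailer: request details appended by application --\n";

var_dump(find_nul_fields(array('body' => $body)));
var_dump(safe_mail('ops@example.com', 'Form submission', $body));
```

Rejecting the message keeps the failure visible; stripping the NUL bytes with `str_replace("\0", '', $value)` is the alternative when delivery matters more than flagging the input.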


Related Identifiers

CVE-2007-1717

Affected Products

Php