PT-2007-3233 · Php+2 · Php+2

Published

2007-04-05

Updated

2022-07-21

CVE-2007-1887

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.5 PHP versions prior to 5.2.1

Description: A buffer overflow issue exists in the sqlite decode binary function within the bundled sqlite library. This allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. The issue can be demonstrated by calling the sqlite udf decode binary function with a 0x01 character.

Recommendations: For PHP versions prior to 4.4.5, update to version 4.4.5 or later to resolve the issue. For PHP versions prior to 5.2.1, update to version 5.2.1 or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2007-1887

DSA-1283-1

DTSA-39-1

HPSBUX02262

Affected Products

Hp-Ux

Php

Sqlite

PT-2007-3233 · Php+2 · Php+2

CVE-2007-1887

Weakness Enumeration

Related Identifiers

Affected Products

References · 47