PT-2007-3234 · Sqlite+1

Published: 2007-04-05 · Updated: 2018-10-30 · CVE-2007-1888

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SQLite 2; PHP versions 4.x through 5.x
Description: A buffer overflow in the sqlite_decode_binary function allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.
Recommendations: For SQLite 2, consider disabling the sqlite_decode_binary() function until a patch is available. For PHP versions 4.x through 5.x, restrict the use of the sqlite_decode_binary() function in the SQLite API to minimize the risk of exploitation.

Related Identifiers

CVE-2007-1888

Affected Products

PHP
SQLite