PT-2007-5041 · Php · Php

Published: 2007-07-16 · Updated: 2017-09-29 · CVE-2007-3806

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PHP version 5.2.3
Description: The issue allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code by passing an invalid value for the flags parameter of the glob function. This is probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
Recommendations: For PHP version 5.2.3, consider restricting use of the glob function with invalid flags parameter values until a patch is available. As a temporary workaround, avoid passing unvalidated input as the flags parameter to minimize the risk of exploitation.

Exploit · Fix · DoS · RCE

Weakness Enumeration

Related Identifiers

CVE-2007-3806
DSA-1572-1
DSA-1578-1
DTSA-61-1

Affected Products

Php