PT-2007-5922 · Php+1 · Php+1

Published

2007-09-10

Updated

2018-10-15

CVE-2007-4782

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.3

Description: The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash. This can be achieved by providing a long string in the pattern parameter to the glob function or a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics.

Recommendations: For PHP versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the length of input strings for the glob and fnmatch functions to prevent potential crashes.

Exploit

Fix

DoS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2007-4782

RHSA-2008:0505

RHSA-2008:0544

RHSA-2008:0545

RHSA-2008:0582

RHSA-2008_0544

RHSA-2008_0545

Affected Products

Php

Red Hat

PT-2007-5922 · Php+1 · Php+1

CVE-2007-4782

Weakness Enumeration

Related Identifiers

Affected Products

References · 35