Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2007-3998

Опубликовано: 04 сент. 2007
Источник: debian
EPSS Низкий

Описание

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php5fixed5.2.4-1package
php4removedpackage

Примечания

  • this applies to php4 as well

  • i think it is medium since it can be easily used to DoS on shared hosting systems

  • a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c

  • so maybe this is already fixed in 5.2.3, not sure

  • fixed in php5/etch svn

  • http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64

EPSS

Процентиль: 90%
0.05186
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2007-3998

ubuntu
почти 18 лет назад

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

redhat логотип

CVE-2007-3998

redhat
почти 18 лет назад

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

nvd логотип

CVE-2007-3998

nvd
почти 18 лет назад

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

github логотип

GHSA-7r5x-79rr-q8gm

github
больше 3 лет назад

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

oracle-oval логотип

ELSA-2007-0890

oracle-oval
почти 18 лет назад

ELSA-2007-0890: Moderate: php security update (MODERATE)

EPSS

Процентиль: 90%
0.05186
Низкий