Описание
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-1285
- https://issues.rpath.com/browse/RPL-1268
- https://launchpad.net/bugs/173043
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017
- https://usn.ubuntu.com/549-1
- http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
- http://rhn.redhat.com/errata/RHSA-2007-0154.html
- http://rhn.redhat.com/errata/RHSA-2007-0155.html
- http://rhn.redhat.com/errata/RHSA-2007-0163.html
- http://secunia.com/advisories/24909
- http://secunia.com/advisories/24910
- http://secunia.com/advisories/24924
- http://secunia.com/advisories/24941
- http://secunia.com/advisories/24945
- http://secunia.com/advisories/25445
- http://secunia.com/advisories/26048
- http://secunia.com/advisories/26642
- http://secunia.com/advisories/27864
- http://secunia.com/advisories/28936
- http://security.gentoo.org/glsa/glsa-200705-19.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
- http://us2.php.net/releases/4_4_7.php
- http://us2.php.net/releases/5_2_2.php
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:090
- http://www.osvdb.org/32769
- http://www.php-security.org/MOPB/MOPB-03-2007.html
- http://www.php.net/ChangeLog-4.php
- http://www.php.net/ChangeLog-5.php#5.2.4
- http://www.php.net/releases/4_4_8.php
- http://www.php.net/releases/5_2_4.php
- http://www.redhat.com/support/errata/RHSA-2007-0082.html
- http://www.redhat.com/support/errata/RHSA-2007-0162.html
- http://www.securityfocus.com/archive/1/466166/100/0/threaded
- http://www.securityfocus.com/bid/22764
- http://www.securitytracker.com/id?1017771
- http://www.ubuntu.com/usn/usn-549-2
Связанные уязвимости
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...