Vulnerability Details : CVE-2007-4657
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2007-4657
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Threat overview for CVE-2007-4657
Top countries where our scanners detected CVE-2007-4657
Top open port discovered on systems with this issue
80
IPs affected by CVE-2007-4657 24,373
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-4657!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-4657
2.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4657
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2007-4657
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-4657
-
Red Hat 2007-09-05The only effect of this bug is to cause the process to read from a random segment of memory, if a large "length" parameter is passed to the strspn/strcspn function, which is under the control of the script author. This bug has no security impact.
References for CVE-2007-4657
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/39399
Third Party Advisory;VDB Entry
-
http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability/
Third Party Advisory
-
http://www.php.net/ChangeLog-5.php#5.2.4
PHP: PHP 5 ChangeLogPatch;Vendor Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
The Slackware Linux Project: Slackware Security AdvisoriesMailing List;Third Party Advisory
-
https://issues.rpath.com/browse/RPL-1702
Broken Link
-
http://www.vupen.com/english/advisories/2008/0059
Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36388
Third Party Advisory;VDB Entry
-
http://www.trustix.org/errata/2007/0026/
Trustix | Empowering Trust and Security in the Digital AgeBroken Link
-
http://www.vupen.com/english/advisories/2007/3023
Site en constructionThird Party Advisory
-
http://www.php.net/ChangeLog-4.php
PHP: PHP 4 ChangeLogVendor Advisory
-
https://usn.ubuntu.com/549-1/
404: Page not found | UbuntuThird Party Advisory
-
http://www.debian.org/security/2008/dsa-1444
Third Party Advisory
-
http://www.debian.org/security/2008/dsa-1578
Third Party Advisory
-
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
PHP: Multiple vulnerabilities (GLSA 200710-02) — Gentoo securityThird Party Advisory
-
http://www.php.net/releases/5_2_4.php
PHP: PHP 5.2.4 Release AnnouncementVendor Advisory
-
http://www.php.net/releases/4_4_8.php
PHP: PHP 4.4.8 Release AnnouncementVendor Advisory
-
https://launchpad.net/bugs/173043
Bug #173043 “php5 5.2.3-1ubuntu6.1 introduced segfault regressio...” : Bugs : php5 package : UbuntuThird Party Advisory
-
https://issues.rpath.com/browse/RPL-1693
Broken Link
-
http://www.ubuntu.com/usn/usn-549-2
USN-549-2: PHP regression | Ubuntu security notices | UbuntuBroken Link
Jump to