Vulnerability Details : CVE-2008-1384
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).
Vulnerability category: OverflowDenial of service
Products affected by CVE-2008-1384
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Threat overview for CVE-2008-1384
Top countries where our scanners detected CVE-2008-1384
Top open port discovered on systems with this issue
80
IPs affected by CVE-2008-1384 10,010
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2008-1384!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2008-1384
1.62%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1384
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2008-1384
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-1384
-
Red Hat 2008-03-28Red Hat do not consider this to be a security vulnerability: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1384
References for CVE-2008-1384
-
http://www.securityfocus.com/bid/28392
-
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
-
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
-
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup
-
http://securityreason.com/achievement_securityalert/52
Exploit
-
http://security.gentoo.org/glsa/glsa-200811-05.xml
PHP: Multiple vulnerabilities (GLSA 200811-05) — Gentoo security
-
https://issues.rpath.com/browse/RPL-2503
-
http://www.securityfocus.com/archive/1/489962/100/0/threaded
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
-
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
[security-announce] SUSE Security Summary Report SUSE-SR:2008:014 - openSUSE Security Announce - openSUSE Mailing Lists
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41386
-
http://www.debian.org/security/2008/dsa-1572
-
http://www.securityfocus.com/archive/1/492535/100/0/threaded
-
http://www.securityfocus.com/archive/1/492671/100/0/threaded
-
http://www.ubuntu.com/usn/usn-628-1
USN-628-1: PHP vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
Mandriva
Jump to