PHP : Security Vulnerabilities, CVEs, Published In February 2007 (Denial of service)

CVE-2007-0988

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
Max CVSS
4.3
EPSS Score
0.81%
Published
2007-02-20
Updated
2019-10-09

CVE-2007-0911

Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
Max CVSS
7.8
EPSS Score
3.18%
Published
2007-02-13
Updated
2018-10-16

CVE-2007-0907

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
Max CVSS
5.0
EPSS Score
4.22%
Published
2007-02-13
Updated
2018-10-30

CVE-2007-0906

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
Max CVSS
7.5
EPSS Score
1.62%
Published
2007-02-13
Updated
2018-10-30
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close