Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0988

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

Published

2007-02-20T17:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	php	php	< 4.4.5	Yes
Application	php	php	< 5.2.1	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Operating System	canonical	ubuntu_linux	5.10	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	6.10	Yes

References

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc Broken Link ([email protected])
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 Issue Tracking, Third Party Advisory ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 Broken Link ([email protected])
http://osvdb.org/32762 Broken Link ([email protected])
http://rhn.redhat.com/errata/RHSA-2007-0089.html Third Party Advisory ([email protected])
http://secunia.com/advisories/24195 Third Party Advisory ([email protected])
http://secunia.com/advisories/24217 Third Party Advisory ([email protected])
http://secunia.com/advisories/24236 Third Party Advisory ([email protected])
http://secunia.com/advisories/24248 Third Party Advisory ([email protected])
http://secunia.com/advisories/24284 Third Party Advisory ([email protected])
http://secunia.com/advisories/24295 Third Party Advisory ([email protected])
http://secunia.com/advisories/24322 Third Party Advisory ([email protected])
http://secunia.com/advisories/24419 Third Party Advisory ([email protected])
http://secunia.com/advisories/24421 Third Party Advisory ([email protected])
http://secunia.com/advisories/24432 Third Party Advisory ([email protected])
http://secunia.com/advisories/24606 Third Party Advisory ([email protected])
http://secunia.com/advisories/24642 Third Party Advisory ([email protected])
http://secunia.com/advisories/25056 Third Party Advisory ([email protected])
http://secunia.com/advisories/25423 Third Party Advisory ([email protected])
http://secunia.com/advisories/25850 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200703-21.xml Third Party Advisory ([email protected])
http://securityreason.com/securityalert/2315 Third Party Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm Third Party Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048 Third Party Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2007_32_php.html Broken Link ([email protected])
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html Third Party Advisory ([email protected])
http://www.php-security.org/MOPB/MOPB-05-2007.html Third Party Advisory ([email protected])
http://www.php.net/releases/5_2_1.php Patch, Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0076.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0081.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0082.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0088.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/461462/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1017671 Third Party Advisory, VDB Entry ([email protected])
http://www.trustix.org/errata/2007/0009/ Broken Link ([email protected])
http://www.ubuntu.com/usn/usn-424-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-424-2 Third Party Advisory ([email protected])
http://www.us.debian.org/security/2007/dsa-1264 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2007/1991 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/2374 Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/32709 Third Party Advisory, VDB Entry ([email protected])
https://issues.rpath.com/browse/RPL-1088 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11092 Third Party Advisory ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/32762 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2007-0089.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24195 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24217 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24236 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24248 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24284 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24295 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24322 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24419 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24421 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24432 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24606 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24642 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25056 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25423 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25850 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200703-21.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/2315 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_32_php.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.php-security.org/MOPB/MOPB-05-2007.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/releases/5_2_1.php Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0076.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0081.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0082.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0088.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/461462/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1017671 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.trustix.org/errata/2007/0009/ Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-424-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-424-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.us.debian.org/security/2007/dsa-1264 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1991 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/2374 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32709 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1088 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11092 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)