CVE-2007-0911
published 2007-02-13
CVE-2007-0911: Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
Priority: P430, high, 7.8 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 5.27% (91.5th percentile)
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvd, v2.0: 7.8 HIGH, AV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat: 7.5 HIGH
GHSA
GHSA-678c-jjf7-qcvr: Off-by-one error in the str_ireplace function in PHP 5
ghsa_unreviewed·2022-05-01
CVE-2007-0911 [HIGH] GHSA-678c-jjf7-qcvr: Off-by-one error in the str_ireplace function in PHP 5
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
Red Hat
CVE-2007-0911: Off-by-one error in the str_ireplace function in PHP 5
vendor_redhat·CVSS 7.5
CVE-2007-0911 [HIGH] CVE-2007-0911: Off-by-one error in the str_ireplace function in PHP 5
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
Statement: Not vulnerable. This flaw is a regression of the fix for CVE-2007-0906 affecting PHP version 5.2.1 only which results in any use of str_replace() causing a crash regardless of user input. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
No detection rules found.
No writeups or analysis indexed.
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.36&r2=1.445.2.14.2.37
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
http://marc.info/?l=php-dev&m=117104930526516&w=2
http://marc.info/?l=php-dev&m=117106751715609&w=2
http://osvdb.org/33952
http://secunia.com/advisories/24514
http://secunia.com/advisories/24606
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://www.securityfocus.com/archive/1/459856/100/0/threaded
http://www.securityfocus.com/bid/22505
2007-02-13
Published