CVE-2007-1285
Published 2007-03-06
High · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| novell | suse_linux | — | — |
| novell | suse_linux | — | — |
| php | php | <= 5.2.3 | — |
| php | php | >= 4.0.0 < 4.4.7 | 4.4.7 |
| php | php | >= 5.0.0 < 5.2.2 | 5.2.2 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_server | — | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
Ubuntu
PHP regression
vendor_ubuntu·2007-12-03·CVSS 7.5
[HIGH] PHP regression
USN-549-1 fixed vulnerabilities in PHP. However, some upstream changes
were incomplete, which caused crashes in certain situations with Ubuntu
7.10. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the wordwrap function did not correctly
check lengths. Remote attackers could exploit this to cause
a crash or monopolize CPU resources, resulting in a denial of
service. (CVE-2007-3998)
Integer overflows were discovered in the strspn and strcspn functions.
Attackers could exploit this to read arbitrary areas of memory, possibly
gaining access to sensitive information. (CVE-2007-4657)
Stanislav Malyshev discovered that money_format function did not correctly
handle certain tok
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2007-11-29·CVSS 7.5
CVE-2007-1285 [HIGH] PHP vulnerabilities
It was discovered that the wordwrap function did not correctly
check lengths. Remote attackers could exploit this to cause
a crash or monopolize CPU resources, resulting in a denial of
service. (CVE-2007-3998)
Integer overflows were discovered in the strspn and strcspn functions.
Attackers could exploit this to read arbitrary areas of memory, possibly
gaining access to sensitive information. (CVE-2007-4657)
Stanislav Malyshev discovered that money_format function did not correctly
handle certain tokens. If a PHP application were tricked into processing
a bad format string, a remote attacker could execute arbitrary code with
application privileges. (CVE-2007-4658)
It was discovered that the php_openssl_make_REQ function did not
co
Red Hat
php malformed cookie handling
vendor_redhat·2007-08-30·CVSS 7.5
CVE-2007-4670 [HIGH] php malformed cookie handling
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
Red Hat
security flaw
vendor_redhat·2007-03-01·CVSS 7.5
CVE-2007-1285 [HIGH] security flaw
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
GHSA
GHSA-jhxw-fqxp-j75j: The Zend Engine in PHP 4
ghsa_unreviewed·2022-05-01
CVE-2007-1285 [MEDIUM] CWE-119 GHSA-jhxw-fqxp-j75j: The Zend Engine in PHP 4
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
GHSA
GHSA-qqfg-93rc-qwq3: Unspecified vulnerability in PHP before 5
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-4670 [HIGH] GHSA-qqfg-93rc-qwq3: Unspecified vulnerability in PHP before 5
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
No detection rules found.
Bugzilla
CVE-2007-1285 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2007-1285 [HIGH] CVE-2007-1285 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Bugzilla
CVE-2007-1285 Multiple PHP issues (CVE-2007-1286, CVE-2007-1711)
bugzilla·2007-04-05·CVSS 7.5
CVE-2007-1285 [HIGH] CVE-2007-1285 Multiple PHP issues (CVE-2007-1286, CVE-2007-1711)
+++ This bug was initially created as a clone of Bug #235225 +++
Summary of bugs disclosed during the "Month of PHP Bugs" which affect Stronghold
for Red Hat Enterprise Linux:
CVE-2007-1285 MOPB-03-2007
impact=low,public=20070301
CVE-2007-1286 MOPB-04-2007
impact=important,public=20070302
CVE-2007-1711 MOPB-32-2007
impact=important,public=20070325
Version-Release number of selected component (if applicable):
4.1.2-2.14
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
Bugzilla
CVE-2007-1285 PHP Variable Destructor Deep Recursion Stack Overflow
bugzilla·2007-03-09·CVSS 7.5
CVE-2007-1285 [HIGH] CVE-2007-1285 PHP Variable Destructor Deep Recursion Stack Overflow
Description of problem:
MOPB-03-2007 describes how, on automatic deallocation of an input variable
containing a deeply nested array, PHP uses recursion which may overflow the
process stack and crash.
The impact of this issue is to allow remote attackers to cause
premature termination of the process running the PHP interpreter; in
most multi-process web servers such processes are immediately replaced
at a minor cost to performance.
Version-Release number of selected component (if applicable):
php-5.1.6-6.el5
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or
Bugzilla
CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
bugzilla·2007-03-01·CVSS 2.1
CVE-2007-1285 [LOW] CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
Description of problem:
This bug will be used to provide tracking information for the issues reported
during the "Month of PHP Bugs" initiative, http://www.php-security.org/
Discussion:
Introduction: The PHP interpreter does not offer a reliable
"sandboxed" security layer (as found in, say, a JVM) in which
untrusted scripts can be run; any script run by the PHP interpreter
must be trusted with the privileges of the interpreter itself. In
analysis of these issues, bugs which rely on an "untrusted local
attacker" will therefore not be classified as being
security-sensitive, since no trust boundary is crossed.
---
MOPB-01-2007 describes an issue in the PHP interpreter regarding the
References
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://rhn.redhat.com/errata/RHSA-2007-0154.html
http://rhn.redhat.com/errata/RHSA-2007-0155.html
http://rhn.redhat.com/errata/RHSA-2007-0163.html
http://secunia.com/advisories/24909
http://secunia.com/advisories/24910
http://secunia.com/advisories/24924
http://secunia.com/advisories/24941
http://secunia.com/advisories/24945
http://secunia.com/advisories/25445
http://secunia.com/advisories/26048
http://secunia.com/advisories/26642
http://secunia.com/advisories/27864
http://secunia.com/advisories/28936
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
http://www.mandriva.com/security/advisories?name=MDKSA-2007:090
http://www.osvdb.org/32769
http://www.php-security.org/MOPB/MOPB-03-2007.html
http://www.php.net/ChangeLog-4.php
http://www.php.net/ChangeLog-5.php#5.2.4
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_4.php
http://www.redhat.com/support/errata/RHSA-2007-0082.html
http://www.redhat.com/support/errata/RHSA-2007-0162.html
http://www.securityfocus.com/archive/1/466166/100/0/threaded
http://www.securityfocus.com/bid/22764
http://www.securitytracker.com/id?1017771
http://www.ubuntu.com/usn/usn-549-2
https://issues.rpath.com/browse/RPL-1268
https://launchpad.net/bugs/173043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017
https://usn.ubuntu.com/549-1/