CVE-2007-1375
published 2007-03-10CVE-2007-1375: Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the…
PriorityP432medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
8.16%
94.1th percentile
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.2.1 | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat6.4MEDIUM
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2007-04-27·CVSS 5.0
CVE-2007-1888 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: PHP vulnerabilities
Stefan Esser discovered multiple vulnerabilities in the "Month of PHP
bugs".
The substr_compare() function did not sufficiently verify its length
argument. This might be exploited to read otherwise unaccessible
memory, which might lead to information disclosure. (CVE-2007-1375)
The shared memory (shmop) functions did not verify resource types,
thus they could be called with a wrong resource type that might
contain user supplied data. This could be exploited to read and write
arbitrary memory addresses of the PHP interpreter. This issue does
not affect Ubuntu 7.04. (CVE-2007-1376)
The php_binary handler of the session extension was missing a boundary
check. When unserializing overly long variable names this could be
exploited to r
Red Hat
CVE-2007-2748: The substr_count function in PHP 5
vendor_redhat·CVSS 5.0
CVE-2007-2748 [MEDIUM] CVE-2007-2748: The substr_count function in PHP 5
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
Statement: We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1.
These issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or Red Hat Application Stack 2.
Red Hat
CVE-2007-1375: Integer overflow in the substr_compare function in PHP 5
vendor_redhat·CVSS 6.4
CVE-2007-1375 [MEDIUM] CVE-2007-1375: Integer overflow in the substr_compare function in PHP 5
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
Statement: We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1.
These issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, Stronghold 4.0, or Red Hat Application Stack 2.
GHSA
GHSA-hxx4-229m-wgjj: The substr_count function in PHP 5
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-2748 [MEDIUM] CWE-200 GHSA-hxx4-229m-wgjj: The substr_count function in PHP 5
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
GHSA
GHSA-cqfv-6frg-v5c7: Integer overflow in the substr_compare function in PHP 5
ghsa_unreviewed·2022-05-01·CVSS 6.4
CVE-2007-1375 [MEDIUM] GHSA-cqfv-6frg-v5c7: Integer overflow in the substr_compare function in PHP 5
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
No detection rules found.
http://secunia.com/advisories/24606http://secunia.com/advisories/25056http://secunia.com/advisories/25057http://secunia.com/advisories/25062http://secunia.com/advisories/26895http://security.gentoo.org/glsa/glsa-200703-21.xmlhttp://us2.php.net/releases/5_2_2.phphttp://www.debian.org/security/2007/dsa-1283http://www.mandriva.com/security/advisories?name=MDKSA-2007:187http://www.novell.com/linux/security/advisories/2007_32_php.htmlhttp://www.osvdb.org/32780http://www.php-security.org/MOPB/MOPB-14-2007.htmlhttp://www.securityfocus.com/bid/22851http://www.ubuntu.com/usn/usn-455-1https://www.exploit-db.com/exploits/3424http://secunia.com/advisories/24606http://secunia.com/advisories/25056http://secunia.com/advisories/25057http://secunia.com/advisories/25062http://secunia.com/advisories/26895http://security.gentoo.org/glsa/glsa-200703-21.xmlhttp://us2.php.net/releases/5_2_2.phphttp://www.debian.org/security/2007/dsa-1283http://www.mandriva.com/security/advisories?name=MDKSA-2007:187http://www.novell.com/linux/security/advisories/2007_32_php.htmlhttp://www.osvdb.org/32780http://www.php-security.org/MOPB/MOPB-14-2007.htmlhttp://www.securityfocus.com/bid/22851http://www.ubuntu.com/usn/usn-455-1https://www.exploit-db.com/exploits/3424
2007-03-10
Published