CVE-2007-1381
published 2007-03-10CVE-2007-1381: The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where…
PriorityP346high7.6CVSS 2.0
AVNACHAuNCCICAC
EXPLOIT
EPSS
9.07%
94.7th percentile
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_redhat7.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fpm5-pg7v-gq2g: The wddx_deserialize function in wddx
ghsa_unreviewed·2022-05-01
CVE-2007-1381 [HIGH] CWE-119 GHSA-fpm5-pg7v-gq2g: The wddx_deserialize function in wddx
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.
Red Hat
CVE-2007-1381: The wddx_deserialize function in wddx
vendor_redhat·CVSS 7.6
CVE-2007-1381 [HIGH] CVE-2007-1381: The wddx_deserialize function in wddx
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.
Statement: Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
No detection rules found.
http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.13&r2=1.119.2.10.2.14http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?revision=1.119.2.10.2.14&view=markuphttp://www.osvdb.org/32775http://www.php-security.org/MOPB/MOPB-09-2007.htmlhttp://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.13&r2=1.119.2.10.2.14http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?revision=1.119.2.10.2.14&view=markuphttp://www.osvdb.org/32775http://www.php-security.org/MOPB/MOPB-09-2007.html
2007-03-10
Published