CVE-2007-1399
Published: 2007-03-10
Priority P357 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 19.83% (97.1th percentile)
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
| php | php | — | — |
| pierrejoye | php_zip | < 1.8.4 | 1.8.4 |
Detection & IOCs (extracted from sources)
- Monitor for unusually long zip:// URL strings passed to PHP, which trigger the stack-based buffer overflow in the zip:// URL wrapper.
- Inspect avatar upload and blog pingback functionality in PHP applications for attacker-supplied zip:// URLs, as these are the demonstrated attack vectors for triggering remote URL access.
- Only PHP installations with the PECL ZIP extension (version 1.8.3 or earlier) are vulnerable; distributions that do not ship the zip extension are not affected.
- The vulnerable extension is bundled with PHP 5.2.0 and 5.2.1; confirm the presence of PECL ZIP 1.8.3 or earlier before applying detections.
CVSS provenance
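| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 9.8 | CRITICAL | — |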
GHSA
GHSA-39ch-q5j8-9rjh [HIGH] · ghsa_unreviewed · 2022-05-01
Red Hat
CVE-2007-1399 [CRITICAL] · vendor_redhat · CVSS 9.8
Statement: Not vulnerable. The zip extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
No detection rules found.
References
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
- http://secunia.com/advisories/24471
- http://secunia.com/advisories/24514
- http://secunia.com/advisories/25938
- http://www.debian.org/security/2007/dsa-1330
- http://www.osvdb.org/32782
- http://www.php-security.org/MOPB/MOPB-16-2007.html
- http://www.securityfocus.com/bid/22883
- http://www.vupen.com/english/advisories/2007/0898
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32889