CVE-2007-1453
Published: 2007-03-14
Priority P347 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.52% (94.8th percentile)
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
GHSA
GHSA-fgqw-vvrq-jg84: Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5
ghsa_unreviewed·2022-05-01
Red Hat
filter extension buffer underflow
vendor_redhat·CVSS 7.5
Statement: Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
No detection rules found.
http://secunia.com/advisories/25056
http://secunia.com/advisories/25062
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-19-2007.html
http://www.php.net/releases/5_2_1.php
http://www.securityfocus.com/bid/22922