CVE-2007-1521
Published 2007-03-20
Priority P340 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.49% (94.3th percentile)
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.2.1 | — |
CVSS provenance
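| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |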
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2007-04-27·CVSS 5.0
CVE-2007-1888 [MEDIUM] PHP vulnerabilities
Stefan Esser discovered multiple vulnerabilities in the "Month of PHP
bugs".
The substr_compare() function did not sufficiently verify its length
argument. This might be exploited to read otherwise unaccessible
memory, which might lead to information disclosure. (CVE-2007-1375)
The shared memory (shmop) functions did not verify resource types,
thus they could be called with a wrong resource type that might
contain user supplied data. This could be exploited to read and write
arbitrary memory addresses of the PHP interpreter. This issue does
not affect Ubuntu 7.04. (CVE-2007-1376)
The php_binary handler of the session extension was missing a boundary
check. When unserializing overly long variable names this could be
exploited to r
Red Hat
CVE-2007-1521: Double free vulnerability in PHP before 4
vendor_redhat·CVSS 6.8
CVE-2007-1521 [MEDIUM] CVE-2007-1521: Double free vulnerability in PHP before 4
Statement: The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
GHSA
GHSA-68q8-gr3h-67jh: Double free vulnerability in PHP before 4
ghsa_unreviewed·2022-05-01
CVE-2007-1521 [MEDIUM] GHSA-68q8-gr3h-67jh: Double free vulnerability in PHP before 4
No detection rules found.
References
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/24505
http://secunia.com/advisories/25025
http://secunia.com/advisories/25056
http://secunia.com/advisories/25057
http://secunia.com/advisories/25062
http://secunia.com/advisories/25445
http://secunia.com/advisories/26235
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.debian.org/security/2007/dsa-1282
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-22-2007.html
http://www.securityfocus.com/bid/22968
http://www.securityfocus.com/bid/25159
http://www.ubuntu.com/usn/usn-455-1
http://www.vupen.com/english/advisories/2007/0960
http://www.vupen.com/english/advisories/2007/2732