CVE-2007-1649
Published 2007-03-24
CVE-2007-1649: PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with…
Priority P3 · 40 · high · 7.8 CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS 7.21% · 93.5th percentile
PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 7.8 HIGH · AV:N/AC:L/Au:N/C:C/I:N/A:N
vendor_redhat · 7.8 HIGH
GHSA
GHSA-mhvw-9cx4-p5jj: PHP 5
ghsa_unreviewed·2022-05-01
CVE-2007-1649 [HIGH] GHSA-mhvw-9cx4-p5jj: PHP 5
Red Hat
CVE-2007-1649: PHP 5
vendor_redhat·CVSS 7.8
CVE-2007-1649 [HIGH] CVE-2007-1649: PHP 5
Statement: Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
No detection rules found.
http://secunia.com/advisories/24630
http://us2.php.net/releases/5_2_2.php
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
http://www.php-security.org/MOPB/MOPB-29-2007.html
http://www.securityfocus.com/bid/23105
https://exchange.xforce.ibmcloud.com/vulnerabilities/33170
Published: 2007-03-24