CVE-2007-3806
Published 2007-07-17
Priority P337 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 10.74% (95.3th percentile)
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
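| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |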
Red Hat
php invalid read in glob
vendor_redhat·CVSS 6.8
CVE-2007-3806 [MEDIUM] php invalid read in glob
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
Statement: Not vulnerable. This issue only affected PHP on Windows platforms.
GHSA
GHSA-x5ff-24v2-wj9j: The glob function in PHP 5
ghsa_unreviewed·2022-05-01
CVE-2007-3806 [MEDIUM] CWE-20 GHSA-x5ff-24v2-wj9j: The glob function in PHP 5
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log
http://osvdb.org/36085
http://secunia.com/advisories/26085
http://secunia.com/advisories/26642
http://secunia.com/advisories/27102
http://secunia.com/advisories/30158
http://secunia.com/advisories/30288
http://www.debian.org/security/2008/dsa-1572
http://www.debian.org/security/2008/dsa-1578
http://www.exploit-db.com/exploits/4181
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.php.net/ChangeLog-5.php#5.2.4
http://www.php.net/releases/5_2_4.php
http://www.securityfocus.com/bid/24922
http://www.securityfocus.com/bid/25498
http://www.vupen.com/english/advisories/2007/2547
https://exchange.xforce.ibmcloud.com/vulnerabilities/35437
Published: 2007-07-17