CVE-2007-4840: Improper Input Validation in PHP

Severity: 5.0 MEDIUM (NVD)
EPSS: 1.6% (top 18.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 12
Latest update: May 1

Description

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: gnu/glibc < 2.7-1+3
NVD: php/php 5.2.4

🔴 Vulnerability Details (3)

GHSA: GHSA-pgvh-6hc4-99ch: PHP 5 (2022-05-01)
OSV: CVE-2007-4840: PHP 5 (2007-09-12)
CVEList: CVE-2007-4840: PHP 5 (2007-09-12)

📋 Vendor Advisories (2)

Debian: CVE-2007-4840: glibc - PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of se... (2007)
Red Hat: CVE-2007-4840: PHP 5