CVE-2008-0599Incorrect Calculation of Buffer Size in Apple MAC OS X

CWE-131Incorrect Calculation of Buffer SizeCWE-783Operator Precedence Logic Error8 documents7 sources
Severity
9.8CRITICALNVD
EPSS
38.9%
top 2.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple MAC OS XApple MAC OS X ServerPHP+2 more
Timeline
PublishedMay 5
Latest updateMay 1

Description

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDphp/php< 5.2.6
NVDapple/mac_os_x< 10.5.4
NVDapple/mac_os_x_server< 10.5.4

Also affects: Fedora 8, 9, Ubuntu Linux 6.06, 7.04, 7.10, 8.04

🔴Vulnerability Details

2
GHSA
GHSA-m9m5-q9x5-6877: The init_request_info function in sapi/cgi/cgi_main2022-05-01
CVEList
CVE-2008-0599: The init_request_info function in sapi/cgi/cgi_main2008-05-05

📋Vendor Advisories

2
Ubuntu
PHP vulnerabilities2008-07-23
Red Hat
php: buffer overflow in a CGI path translation2008-05-01

📐Framework References

2
CWE
Incorrect Calculation of Buffer Size
CWE
Operator Precedence Logic Error

💬Community

1
Bugzilla
CVE-2008-0599 php: buffer overflow in a CGI path translation2008-05-02
CVE-2008-0599 — Incorrect Calculation of Buffer Size | cvebase