CVE - CVE-2007-0988

CVE-ID
CVE-2007-0988	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070227 rPSA-2007-0043-1 php php-mysql php-pgsql URL:http://www.securityfocus.com/archive/1/461462/100/0/threaded CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm CONFIRM:https://issues.rpath.com/browse/RPL-1088 DEBIAN:DSA-1264 URL:http://www.us.debian.org/security/2007/dsa-1264 GENTOO:GLSA-200703-21 URL:http://security.gentoo.org/glsa/glsa-200703-21.xml HP:HPSBMA02215 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 HP:HPSBTU02232 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 HP:SSRT071423 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 HP:SSRT071429 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 MANDRIVA:MDKSA-2007:048 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:048~~ (Obsolete source) MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 MISC:http://www.php-security.org/MOPB/MOPB-05-2007.html MISC:http://www.php.net/releases/5_2_1.php OPENPKG:OpenPKG-SA-2007.010 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html OSVDB:32762 URL:~~http://osvdb.org/32762~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11092 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11092 REDHAT:RHSA-2007:0076 URL:http://www.redhat.com/support/errata/RHSA-2007-0076.html REDHAT:RHSA-2007:0081 URL:http://www.redhat.com/support/errata/RHSA-2007-0081.html REDHAT:RHSA-2007:0082 URL:http://www.redhat.com/support/errata/RHSA-2007-0082.html REDHAT:RHSA-2007:0088 URL:http://www.redhat.com/support/errata/RHSA-2007-0088.html REDHAT:RHSA-2007:0089 URL:http://rhn.redhat.com/errata/RHSA-2007-0089.html SECTRACK:1017671 URL:http://www.securitytracker.com/id?1017671 SECUNIA:24195 URL:http://secunia.com/advisories/24195 SECUNIA:24217 URL:http://secunia.com/advisories/24217 SECUNIA:24236 URL:http://secunia.com/advisories/24236 SECUNIA:24248 URL:http://secunia.com/advisories/24248 SECUNIA:24284 URL:http://secunia.com/advisories/24284 SECUNIA:24295 URL:http://secunia.com/advisories/24295 SECUNIA:24322 URL:http://secunia.com/advisories/24322 SECUNIA:24419 URL:http://secunia.com/advisories/24419 SECUNIA:24421 URL:http://secunia.com/advisories/24421 SECUNIA:24432 URL:http://secunia.com/advisories/24432 SECUNIA:24606 URL:http://secunia.com/advisories/24606 SECUNIA:24642 URL:http://secunia.com/advisories/24642 SECUNIA:25056 URL:http://secunia.com/advisories/25056 SECUNIA:25423 URL:http://secunia.com/advisories/25423 SECUNIA:25850 URL:http://secunia.com/advisories/25850 SGI:20070201-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc SREASON:2315 URL:http://securityreason.com/securityalert/2315 SUSE:SUSE-SA:2007:032 URL:http://www.novell.com/linux/security/advisories/2007_32_php.html TRUSTIX:2007-0009 URL:~~http://www.trustix.org/errata/2007/0009/~~ (Obsolete source - check if archived by the Wayback Machine) UBUNTU:USN-424-1 URL:http://www.ubuntu.com/usn/usn-424-1 UBUNTU:USN-424-2 URL:http://www.ubuntu.com/usn/usn-424-2 VUPEN:ADV-2007-1991 URL:~~http://www.vupen.com/english/advisories/2007/1991~~ (Obsolete source) VUPEN:ADV-2007-2374 URL:~~http://www.vupen.com/english/advisories/2007/2374~~ (Obsolete source) XF:php-zendhashinit-dos(32709) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32709
Assigning CNA
MITRE Corporation
Date Record Created
20070216	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070216)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)