CVE - CVE-2007-0988

CVE-ID
CVE-2007-0988	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070227 rPSA-2007-0043-1 php php-mysql php-pgsql URL:http://www.securityfocus.com/archive/1/461462/100/0/threaded MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 MISC:http://www.php.net/releases/5_2_1.php MISC:http://www.php-security.org/MOPB/MOPB-05-2007.html CONFIRM:https://issues.rpath.com/browse/RPL-1088 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm DEBIAN:DSA-1264 URL:http://www.us.debian.org/security/2007/dsa-1264 GENTOO:GLSA-200703-21 URL:http://security.gentoo.org/glsa/glsa-200703-21.xml HP:HPSBMA02215 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 HP:SSRT071423 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 HP:HPSBTU02232 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 HP:SSRT071429 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 MANDRIVA:MDKSA-2007:048 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:048 OPENPKG:OpenPKG-SA-2007.010 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html REDHAT:RHSA-2007:0076 URL:http://www.redhat.com/support/errata/RHSA-2007-0076.html REDHAT:RHSA-2007:0081 URL:http://www.redhat.com/support/errata/RHSA-2007-0081.html REDHAT:RHSA-2007:0089 URL:http://rhn.redhat.com/errata/RHSA-2007-0089.html REDHAT:RHSA-2007:0088 URL:http://www.redhat.com/support/errata/RHSA-2007-0088.html REDHAT:RHSA-2007:0082 URL:http://www.redhat.com/support/errata/RHSA-2007-0082.html SGI:20070201-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc SUSE:SUSE-SA:2007:032 URL:http://www.novell.com/linux/security/advisories/2007_32_php.html TRUSTIX:2007-0009 URL:http://www.trustix.org/errata/2007/0009/ UBUNTU:USN-424-1 URL:http://www.ubuntu.com/usn/usn-424-1 UBUNTU:USN-424-2 URL:http://www.ubuntu.com/usn/usn-424-2 OVAL:oval:org.mitre.oval:def:11092 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11092 VUPEN:ADV-2007-1991 URL:http://www.vupen.com/english/advisories/2007/1991 VUPEN:ADV-2007-2374 URL:http://www.vupen.com/english/advisories/2007/2374 OSVDB:32762 URL:http://osvdb.org/32762 SECTRACK:1017671 URL:http://www.securitytracker.com/id?1017671 SECUNIA:24195 URL:http://secunia.com/advisories/24195 SECUNIA:24217 URL:http://secunia.com/advisories/24217 SECUNIA:24248 URL:http://secunia.com/advisories/24248 SECUNIA:24236 URL:http://secunia.com/advisories/24236 SECUNIA:24295 URL:http://secunia.com/advisories/24295 SECUNIA:24322 URL:http://secunia.com/advisories/24322 SECUNIA:24432 URL:http://secunia.com/advisories/24432 SECUNIA:24421 URL:http://secunia.com/advisories/24421 SECUNIA:24606 URL:http://secunia.com/advisories/24606 SECUNIA:24642 URL:http://secunia.com/advisories/24642 SECUNIA:25056 URL:http://secunia.com/advisories/25056 SECUNIA:25423 URL:http://secunia.com/advisories/25423 SECUNIA:24284 URL:http://secunia.com/advisories/24284 SECUNIA:24419 URL:http://secunia.com/advisories/24419 SECUNIA:25850 URL:http://secunia.com/advisories/25850 SREASON:2315 URL:http://securityreason.com/securityalert/2315 XF:php-zendhashinit-dos(32709) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32709
Assigning CNA
N/A
Date Entry Created
20070216	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070216)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org