CVE - CVE-2008-1384

CVE-ID
CVE-2008-1384	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:28392 URL:http://www.securityfocus.com/bid/28392 BUGTRAQ:20080321 {securityreason.com}PHP 5 printf() - Integer Overflow URL:http://www.securityfocus.com/archive/1/489962/100/0/threaded BUGTRAQ:20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl URL:http://www.securityfocus.com/archive/1/492535/100/0/threaded BUGTRAQ:20080527 rPSA-2008-0178-1 php php-mysql php-pgsql URL:http://www.securityfocus.com/archive/1/492671/100/0/threaded CONFIRM:http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178 CONFIRM:https://issues.rpath.com/browse/RPL-2503 DEBIAN:DSA-1572 URL:http://www.debian.org/security/2008/dsa-1572 GENTOO:GLSA-200811-05 URL:http://security.gentoo.org/glsa/glsa-200811-05.xml MANDRIVA:MDVSA-2009:022 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:022~~ (Obsolete source) MANDRIVA:MDVSA-2009:023 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:023~~ (Obsolete source) SECUNIA:30158 URL:http://secunia.com/advisories/30158 SECUNIA:30345 URL:http://secunia.com/advisories/30345 SECUNIA:30411 URL:http://secunia.com/advisories/30411 SECUNIA:30967 URL:http://secunia.com/advisories/30967 SECUNIA:31200 URL:http://secunia.com/advisories/31200 SECUNIA:32746 URL:http://secunia.com/advisories/32746 SREASONRES:20080320 PHP 5.2.5 and prior : printf() functions Integer Overflow URL:http://securityreason.com/achievement_securityalert/52 SUSE:SUSE-SR:2008:014 URL:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html UBUNTU:USN-628-1 URL:http://www.ubuntu.com/usn/usn-628-1 XF:php-phpsprintfappendstring-overflow(41386) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41386
Assigning CNA
MITRE Corporation
Date Record Created
20080318	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080318)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)