CVE-2007-4657
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
Affected products
n/a · n/a
References
http://secunia.com/advisories/26642
http://secunia.com/advisories/26822
http://secunia.com/advisories/26838
http://secunia.com/advisories/27102
http://secunia.com/advisories/27377
http://secunia.com/advisories/27864
http://secunia.com/advisories/28249
http://secunia.com/advisories/28318
http://secunia.com/advisories/28936
http://secunia.com/advisories/30288
http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability/
https://exchange.xforce.ibmcloud.com/vulnerabilities/36388