CVE-2007-0988
CVE-2007-0988
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.aschttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137http://osvdb.org/32762http://rhn.redhat.com/errata/RHSA-2007-0089.htmlhttp://secunia.com/advisories/24195http://secunia.com/advisories/24217http://secunia.com/advisories/24236http://secunia.com/advisories/24248http://secunia.com/advisories/24284http://secunia.com/advisories/24295