// For flags

CVE-2007-3998

php floating point exception inside wordwrap

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

La función wordwrap del PHP 4 anterior al 4.4.8 y el PHP 5 anterior al 5.2.4, no utiliza correctamente la variable breakcharlen, lo que permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación o bucle infinito) a través de ciertos argumentos, como lo demostrado con el establecimiento del argumento 'chr(0), 0, ""'.

Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from various parameters. A denial of service was possible through a malicious script abusing the glob() function. Certain maliciously constructed input to the wordwrap() function could lead to a denial of service attack. Large len values of the stspn() or strcspn() functions could allow an attacker to trigger integer overflows to expose memory or cause denial of service. The escapeshellcmd API function could be attacked via incomplete multibyte chars.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-07-25 CVE Reserved
  • 2007-09-04 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (36)
URL Tag Source
http://secunia.com/advisories/26642 Third Party Advisory
http://secunia.com/advisories/26822 Third Party Advisory
http://secunia.com/advisories/26838 Third Party Advisory
http://secunia.com/advisories/26871 Third Party Advisory
http://secunia.com/advisories/26895 Third Party Advisory
http://secunia.com/advisories/26930 Third Party Advisory
http://secunia.com/advisories/26967 Third Party Advisory
http://secunia.com/advisories/27102 Third Party Advisory
http://secunia.com/advisories/27377 Third Party Advisory
http://secunia.com/advisories/27545 Third Party Advisory
http://secunia.com/advisories/27864 Third Party Advisory
http://secunia.com/advisories/28249 Third Party Advisory
http://secunia.com/advisories/28658 Third Party Advisory
http://secunia.com/advisories/30288 Third Party Advisory
http://secweb.se/en/advisories/php-wordwrap-vulnerability Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm Third Party Advisory
https://issues.rpath.com/browse/RPL-1693 Broken Link
https://issues.rpath.com/browse/RPL-1702 Broken Link
https://launchpad.net/bugs/173043 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10603 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html 2018-10-26
http://rhn.redhat.com/errata/RHSA-2007-0889.html 2018-10-26
http://www.debian.org/security/2008/dsa-1444 2018-10-26
http://www.debian.org/security/2008/dsa-1578 2018-10-26
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml 2018-10-26
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 2018-10-26
http://www.php.net/ChangeLog-5.php#5.2.4 2018-10-26
http://www.php.net/releases/5_2_4.php 2018-10-26
http://www.redhat.com/support/errata/RHSA-2007-0890.html 2018-10-26
http://www.redhat.com/support/errata/RHSA-2007-0891.html 2018-10-26
http://www.trustix.org/errata/2007/0026 2018-10-26
http://www.ubuntu.com/usn/usn-549-2 2018-10-26
https://usn.ubuntu.com/549-1 2018-10-26
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html 2018-10-26
https://access.redhat.com/security/cve/CVE-2007-3998 2007-10-23
https://bugzilla.redhat.com/show_bug.cgi?id=276081 2007-10-23
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 4.0.0 < 4.4.8
Search vendor "Php" for product "Php" and version " >= 4.0.0 < 4.4.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 5.0.0 < 5.2.4
Search vendor "Php" for product "Php" and version " >= 5.0.0 < 5.2.4"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected