// For flags

CVE-2007-4657

 

Severity Score

9.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

Múltiples desbordamientos de entero en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos obtener información sensible (contenido de memoria) o provocar denegación de servicio (caida de hilo) a través de un valor de len grande en la función (1) strspn o (2) strcspn, lo cual dispara un lectura fuera de límite. NOTA: estos afecta a diferentes versiones de producto que al CVE-2007-3996.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-09-04 CVE Reserved
  • 2007-09-04 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-189: Numeric Errors
CAPEC
References (29)
URL Tag Source
http://secunia.com/advisories/26642 Third Party Advisory
http://secunia.com/advisories/26822 Third Party Advisory
http://secunia.com/advisories/26838 Third Party Advisory
http://secunia.com/advisories/27102 Third Party Advisory
http://secunia.com/advisories/27377 Third Party Advisory
http://secunia.com/advisories/27864 Third Party Advisory
http://secunia.com/advisories/28249 Third Party Advisory
http://secunia.com/advisories/28318 Third Party Advisory
http://secunia.com/advisories/28936 Third Party Advisory
http://secunia.com/advisories/30288 Third Party Advisory
http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability Third Party Advisory
http://www.vupen.com/english/advisories/2007/3023 Third Party Advisory
http://www.vupen.com/english/advisories/2008/0059 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36388 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39399 Third Party Advisory
https://issues.rpath.com/browse/RPL-1693 Broken Link
https://issues.rpath.com/browse/RPL-1702 Broken Link
https://launchpad.net/bugs/173043 Third Party Advisory
URL Date SRC
URL Date SRC
http://www.php.net/ChangeLog-5.php#5.2.4 2018-10-26
URL Date SRC
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 2018-10-26
http://www.debian.org/security/2008/dsa-1444 2018-10-26
http://www.debian.org/security/2008/dsa-1578 2018-10-26
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml 2018-10-26
http://www.php.net/ChangeLog-4.php 2018-10-26
http://www.php.net/releases/4_4_8.php 2018-10-26
http://www.php.net/releases/5_2_4.php 2018-10-26
http://www.trustix.org/errata/2007/0026 2018-10-26
http://www.ubuntu.com/usn/usn-549-2 2018-10-26
https://usn.ubuntu.com/549-1 2018-10-26
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 4.0.0 < 4.4.8
Search vendor "Php" for product "Php" and version " >= 4.0.0 < 4.4.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 5.0.0 < 5.2.4
Search vendor "Php" for product "Php" and version " >= 5.0.0 < 5.2.4"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected