CVE-2007-3806
Severity:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
17/07/2007
Last modified:
29/09/2017
Description
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log
- http://osvdb.org/36085
- http://secunia.com/advisories/26085
- http://secunia.com/advisories/26642
- http://secunia.com/advisories/27102
- http://secunia.com/advisories/30158
- http://secunia.com/advisories/30288
- http://www.debian.org/security/2008/dsa-1572
- http://www.debian.org/security/2008/dsa-1578
- http://www.exploit-db.com/exploits/4181
- http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
- http://www.php.net/ChangeLog-5.php#5.2.4
- http://www.php.net/releases/5_2_4.php
- http://www.securityfocus.com/bid/24922
- http://www.securityfocus.com/bid/25498
- http://www.vupen.com/english/advisories/2007/2547
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35437