NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2007-4661

Summary	The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
Publication Date	Sept. 5, 2007, 7:17 a.m.
Registration Date	Jan. 29, 2021, 2:19 p.m.
Last Update	Oct. 4, 2018, 6:48 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:php:php:5.2.3:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59	MISC	Exploit
2	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html	SUSE
3	http://secunia.com/advisories/26642	SECUNIA	Patch
4	http://secunia.com/advisories/26838	SECUNIA
5	http://secunia.com/advisories/27102	SECUNIA
6	http://secunia.com/advisories/27864	SECUNIA
7	http://secunia.com/advisories/28658	SECUNIA
8	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml	GENTOO
9	http://www.php.net/ChangeLog-5.php#5.2.4	CONFIRM
10	http://www.php.net/releases/5_2_4.php	CONFIRM	Patch
11	http://www.ubuntu.com/usn/usn-549-2	UBUNTU
12	https://issues.rpath.com/browse/RPL-1702	CONFIRM
13	https://launchpad.net/bugs/173043	CONFIRM
14	https://usn.ubuntu.com/549-1/	UBUNTU

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html
2	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html