Vulnerability Description
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | <= 4.4.7 |
Related Weaknesses (CWE)
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
- http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
- http://osvdb.org/36083
- http://rhn.redhat.com/errata/RHSA-2007-0889.htmlVendor Advisory
- http://secunia.com/advisories/25456Vendor Advisory
- http://secunia.com/advisories/25535Vendor Advisory
- http://secunia.com/advisories/26048Vendor Advisory
- http://secunia.com/advisories/26231Vendor Advisory
- http://secunia.com/advisories/26838Vendor Advisory
- http://secunia.com/advisories/26871Vendor Advisory
- http://secunia.com/advisories/26895Vendor Advisory
- http://secunia.com/advisories/26930Vendor Advisory
- http://secunia.com/advisories/26967Vendor Advisory
FAQ
What is CVE-2007-2872?
CVE-2007-2872 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) ch...
How severe is CVE-2007-2872?
CVE-2007-2872 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2872?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.