Vulnerability Description
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 5.2.3 |
Related Weaknesses (CWE)
References
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log
- http://osvdb.org/36085
- http://secunia.com/advisories/26085Vendor Advisory
- http://secunia.com/advisories/26642Vendor Advisory
- http://secunia.com/advisories/27102Vendor Advisory
- http://secunia.com/advisories/30158Vendor Advisory
- http://secunia.com/advisories/30288Vendor Advisory
- http://www.debian.org/security/2008/dsa-1572
- http://www.debian.org/security/2008/dsa-1578
- http://www.exploit-db.com/exploits/4181
- http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
- http://www.php.net/ChangeLog-5.php#5.2.4
- http://www.php.net/releases/5_2_4.php
- http://www.securityfocus.com/bid/24922
FAQ
What is CVE-2007-3806?
CVE-2007-3806 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memo...
How severe is CVE-2007-3806?
CVE-2007-3806 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3806?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.