CVE-2007-3998 — MEDIUM (5.0)

Q: How severe is CVE-2007-3998?

CVE-2007-3998 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-3998?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Php	Php	>= 4.0.0, < 4.4.8
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-20

References

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2007-0889.htmlThird Party Advisory
http://secunia.com/advisories/26642Third Party Advisory
http://secunia.com/advisories/26822Third Party Advisory
http://secunia.com/advisories/26838Third Party Advisory
http://secunia.com/advisories/26871Third Party Advisory
http://secunia.com/advisories/26895Third Party Advisory
http://secunia.com/advisories/26930Third Party Advisory
http://secunia.com/advisories/26967Third Party Advisory
http://secunia.com/advisories/27102Third Party Advisory
http://secunia.com/advisories/27377Third Party Advisory
http://secunia.com/advisories/27545Third Party Advisory
http://secunia.com/advisories/27864Third Party Advisory
http://secunia.com/advisories/28249Third Party Advisory
http://secunia.com/advisories/28658Third Party Advisory

FAQ

What is CVE-2007-3998?

CVE-2007-3998 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error a...

How severe is CVE-2007-3998?

CVE-2007-3998 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-3998?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Debian Debian Linux, Canonical Ubuntu Linux.