Lucene search

[email protected]CVE-2007-1376

HistoryMar 10, 2007 - 12:19 a.m.

CVE-2007-1376

2007-03-1000:19:00

[email protected]

web.nvd.nist.gov

php

shmop

security

vulnerability

memory

nvd

cve-2007-1376

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.049 Low

EPSS

Percentile

92.8%

JSON

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.

Affected configurations

NVD

Node

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0rc1

phpphpMatch4.0rc2

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.1patch1

phpphpMatch4.0.1patch2

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.3patch1

phpphpMatch4.0.4

phpphpMatch4.0.4patch1

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.0.7rc1

phpphpMatch4.0.7rc2

phpphpMatch4.0.7rc3

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2dev

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch5.0rc1

phpphpMatch5.0rc2

phpphpMatch5.0rc3

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

CPENameOperatorVersion
php:phpphpeq4.0
php:phpphpeq4.0.0
php:phpphpeq4.0.1
php:phpphpeq4.0.2
php:phpphpeq4.0.3
php:phpphpeq4.0.4
php:phpphpeq4.0.5
php:phpphpeq4.0.6
php:phpphpeq4.0.7
php:phpphpeq4.1.0

CPE	Name	Operator	Version
php:php	php	eq	4.0
php:php	php	eq	4.0.0
php:php	php	eq	4.0.1
php:php	php	eq	4.0.2
php:php	php	eq	4.0.3
php:php	php	eq	4.0.4
php:php	php	eq	4.0.5
php:php	php	eq	4.0.6
php:php	php	eq	4.0.7
php:php	php	eq	4.1.0