CVE-2007-1888

2007-04-0601:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-1888

buffer overflow

sqlite_decode_binary

sqlite 2

php

nvd

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.6%

JSON

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.

CPENameOperatorVersion
php:phpphpeq4.3.9
php:phpphpeq4.0
php:phpphpeq5.1.5
php:phpphpeq5.1.2
php:phpphpeq4.2.0
php:phpphpeq5.1.1
php:phpphpeq4.4.4
php:phpphpeq5.0.0
php:phpphpeq4.1.0
php:phpphpeq5.1.6

CPE	Name	Operator	Version
php:php	php	eq	4.3.9
php:php	php	eq	4.0
php:php	php	eq	5.1.5
php:php	php	eq	5.1.2
php:php	php	eq	4.2.0
php:php	php	eq	5.1.1
php:php	php	eq	4.4.4
php:php	php	eq	5.0.0
php:php	php	eq	4.1.0
php:php	php	eq	5.1.6