CVE-2007-4661
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.9%
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
References
cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59
lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
secunia.com/advisories/26642
secunia.com/advisories/26838
secunia.com/advisories/27102
secunia.com/advisories/27864
secunia.com/advisories/28658
www.gentoo.org/security/en/glsa/glsa-200710-02.xml
www.php.net/ChangeLog-5.php#5.2.4
www.php.net/releases/5_2_4.php
www.ubuntu.com/usn/usn-549-2
issues.rpath.com/browse/RPL-1702
launchpad.net/bugs/173043
usn.ubuntu.com/549-1/
Related
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.9%