Lucene search

K

[email protected]CVE-2008-3659

HistoryAug 15, 2008 - 12:41 a.m.

CVE-2008-3659

2008-08-1500:41:00

CWE-119

[email protected]

web.nvd.nist.gov

81

cve-2008-3659

buffer overflow

php

denial of service

arbitrary code execution

7.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.034 Low

EPSS

Percentile

91.3%

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.

CPENameOperatorVersion
php:phpphpeq4.4.4
php:phpphpeq5.2.2
php:phpphpeq5.2.5
php:phpphpeq4.4.2
php:phpphpeq5.2.6
php:phpphpeq4.4.3
php:phpphpeq5.2.3
php:phpphpeq4.4.5
php:phpphpeq4.4.8
php:phpphpeq5.2.0

Rows per page:

1-10 of 161

References

bugs.gentoo.org/show_bug.cgi?id=234102

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

marc.info/?l=bugtraq&m=124654546101607&w=2

marc.info/?l=bugtraq&m=125631037611762&w=2

news.php.net/php.cvs/52002

osvdb.org/47483

secunia.com/advisories/31982

secunia.com/advisories/32148

secunia.com/advisories/32316

secunia.com/advisories/32746

secunia.com/advisories/35074

secunia.com/advisories/35650

security.gentoo.org/glsa/glsa-200811-05.xml

support.apple.com/kb/HT3549

wiki.rpath.com/Advisories:rPSA-2009-0035

www.debian.org/security/2008/dsa-1647

www.mandriva.com/security/advisories?name=MDVSA-2009:021

www.mandriva.com/security/advisories?name=MDVSA-2009:022

www.mandriva.com/security/advisories?name=MDVSA-2009:023

www.mandriva.com/security/advisories?name=MDVSA-2009:024

www.openwall.com/lists/oss-security/2008/08/08/2

www.openwall.com/lists/oss-security/2008/08/08/3

www.openwall.com/lists/oss-security/2008/08/08/4

www.openwall.com/lists/oss-security/2008/08/13/8

www.php.net/archive/2008.php#id2008-08-07-1

www.securityfocus.com/archive/1/501376/100/0/threaded

www.securitytracker.com/id?1020995

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vupen.com/english/advisories/2008/2336

www.vupen.com/english/advisories/2009/1297

exchange.xforce.ibmcloud.com/vulnerabilities/44405

7.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.034 Low

EPSS

Percentile

91.3%

Related for CVE-2008-3659

ubuntucve1 prion1 openvas32 nessus15 debian1 osv1 freebsd1 slackware1 f52 ubuntu1 gentoo1 securityvulns1