Lucene search

PhpMyAdminPHPMYADMIN:PMASA-2007-3

HistoryMar 02, 2007 - 12:00 a.m.

PHP Executor Deep Recursion Stack Overflow

2007-03-0200:00:00

www.phpmyadmin.net

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.044 Low

EPSS

Percentile

92.4%

JSON

PMASA-2007-3

Announcement-ID: PMASA-2007-3

Date: 2007-03-02

Summary

PHP Executor Deep Recursion Stack Overflow

Description

Stefan Esser from the Hardened-PHP Project is publishing the Month of PHP Bugs. One of these PHP bugs can be triggered by phpMyAdmin which uses a recursive function in its normal operation.

Severity

We consider this vulnerability to be serious.

Affected Versions

All versions prior to 2.10.0.2.

Solution

Upgrade to phpMyAdmin 2.10.0.2 or newer. Note that upgrading phpMyAdmin does not protect a server against an attacker that targets other vulnerable PHP applications.

References

<http://www.php-security.org/MOPB/MOPB-02-2007.html>

Assigned CVE ids: CVE-2007-1325

CWE ids: CWE-661 CWE-674

Patches

The following commits have been made to fix this issue:

b81f9a364c2a2204e6acbdff5b71e6cc6daead1e

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CPENameOperatorVersion
phpmyadminle2.10.0.2.

CPE	Name	Operator	Version
	phpmyadmin	le	2.10.0.2.

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.044 Low

EPSS

Percentile

92.4%

JSON

Related for PHPMYADMIN:PMASA-2007-3