Lucene search

PRIOn knowledge basePRION:CVE-2008-5557

HistoryDec 23, 2008 - 6:30 p.m.

Heap overflow

2008-12-2318:30:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.6%

JSON

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.

CPENameOperatorVersion
phpeq4.3.9
phpeq4.4.9
phpeq5.1.5
phpeq5.1.2
phpeq5.1.1
phpeq4.4.4
phpeq5.0.0 beta1
phpeq5.1.6
phpeq4.3.4
phpeq4.3.0

Name	Operator	Version
php	eq	4.3.9
php	eq	4.4.9
php	eq	5.1.5
php	eq	5.1.2
php	eq	5.1.1
php	eq	4.4.4
php	eq	5.0.0 beta1
php	eq	5.1.6
php	eq	4.3.4
php	eq	4.3.0

Rows per page:

1-10 of 491

References

archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html

bugs.php.net/bug.php?id=45722

cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?r1=1.7&r2=1.8

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

secunia.com/advisories/34642

secunia.com/advisories/35003

secunia.com/advisories/35074

secunia.com/advisories/35306

secunia.com/advisories/35650

securitytracker.com/id?1021482

support.apple.com/kb/HT3549

wiki.rpath.com/Advisories:rPSA-2009-0035

www.debian.org/security/2009/dsa-1789

www.mandriva.com/security/advisories?name=MDVSA-2009:045

www.php.net/ChangeLog-5.php

www.redhat.com/support/errata/RHSA-2009-0350.html

www.securityfocus.com/archive/1/501376/100/0/threaded

www.securityfocus.com/bid/32948

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vupen.com/english/advisories/2009/1297

exchange.xforce.ibmcloud.com/vulnerabilities/47525

marc.info/?l=bugtraq&m=124654546101607&w=2

marc.info/?l=bugtraq&m=125631037611762&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10286

www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.6%

JSON

Related for PRION:CVE-2008-5557