Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4590
HistoryDec 24, 2008 - 12:00 a.m.

PHP 'mbstring扩展缓冲区溢出漏洞

2008-12-2400:00:00
Root
www.seebug.org
69

0.037 Low

EPSS

Percentile

90.8%

JSON

BUGTRAQ ID: 32948
CVE ID:CVE-2008-5557

PHP是一款网络编程语言。
PHP mbstring扩展存在输入验证错误,远程攻击者可以利用漏洞使应用程序崩溃。
mbstring扩展用于处理多字节unicode字符串,在解码部分HTML实体为unicode字符串时存在问题,由于解码器不正确处理错误条件,堆分配缓冲区的边界检查可被有效的绕过。攻击者利用漏洞可传送任意数据到堆特定域而以应用程序权限执行任意指令。

PHP PHP 5.2.6
PHP PHP 5.2.5
PHP PHP 5.2.4
PHP PHP 5.2.3
PHP PHP 5.2.2
PHP PHP 5.2.1

  • Ubuntu Ubuntu Linux 7.04 sparc
  • Ubuntu Ubuntu Linux 7.04 powerpc
  • Ubuntu Ubuntu Linux 7.04 i386
  • Ubuntu Ubuntu Linux 7.04 amd64
    PHP PHP 5.1.6
  • Ubuntu Ubuntu Linux 6.10 sparc
  • Ubuntu Ubuntu Linux 6.10 powerpc
  • Ubuntu Ubuntu Linux 6.10 i386
  • Ubuntu Ubuntu Linux 6.10 amd64
    PHP PHP 5.1.5
    PHP PHP 5.1.4
    PHP PHP 5.1.3
    PHP PHP 5.1.3
    PHP PHP 5.1.2
  • Ubuntu Ubuntu Linux 6.06 LTS sparc
  • Ubuntu Ubuntu Linux 6.06 LTS powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu Ubuntu Linux 6.06 LTS amd64
    PHP PHP 5.1.1
    PHP PHP 5.1
    PHP PHP 5.0.5
    PHP PHP 5.0.4
    PHP PHP 5.0.3
  • Trustix Secure Linux 2.2
    PHP PHP 5.0.2
    PHP PHP 5.0.1
    PHP PHP 5.0 candidate 3
    PHP PHP 5.0 candidate 2
    PHP PHP 5.0 candidate 1
    PHP PHP 5.0 .0
    PHP PHP 4.4.9
    PHP PHP 4.4.8
    PHP PHP 4.4.7
  • Slackware Linux 10.2
  • Slackware Linux 11.0
  • Slackware Linux -current
    PHP PHP 4.4.6
    PHP PHP 4.4.5
    PHP PHP 4.4.4
    PHP PHP 4.4.3
    PHP PHP 4.4.2
    PHP PHP 4.4.1
    PHP PHP 4.4 .0
    PHP PHP 4.3.11
    PHP PHP 4.3.10
  • Gentoo Linux
  • RedHat Fedora Core3
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
  • Trustix Secure Linux 1.5
    PHP PHP 4.3.9
    PHP PHP 4.3.8
  • MandrakeSoft Linux Mandrake 10.1 x86_64
  • MandrakeSoft Linux Mandrake 10.1
  • S.u.S.E. Linux Personal 9.2
  • Turbolinux Turbolinux Server 10.0
  • Ubuntu Ubuntu Linux 4.1 ppc
  • Ubuntu Ubuntu Linux 4.1 ia64
  • Ubuntu Ubuntu Linux 4.1 ia32
    PHP PHP 4.3.7
    PHP PHP 4.3.6
    PHP PHP 4.3.5
    PHP PHP 4.3.4
  • MandrakeSoft Corporate Server 3.0 x86_64
  • MandrakeSoft Corporate Server 3.0
  • MandrakeSoft Linux Mandrake 10.0 AMD64
  • MandrakeSoft Linux Mandrake 10.0
  • S.u.S.E. Linux Personal 9.1
    PHP PHP 4.3.3
  • S.u.S.E. Linux Personal 9.0 x86_64
  • S.u.S.E. Linux Personal 9.0
  • Turbolinux Home
  • Turbolinux Turbolinux 10 F…
  • Turbolinux Turbolinux Desktop 10.0
    PHP PHP 4.3.2
    PHP PHP 4.3.1
  • MandrakeSoft Linux Mandrake 9.1 ppc
  • MandrakeSoft Linux Mandrake 9.1
  • OpenPKG OpenPKG Current
  • S.u.S.E. Linux Personal 8.2
    PHP PHP 4.3
    PHP PHP 5.2
  • Debian Linux 4.0 sparc
  • Debian Linux 4.0 s/390
  • Debian Linux 4.0 powerpc
  • Debian Linux 4.0 mipsel
  • Debian Linux 4.0 mips
  • Debian Linux 4.0 m68k
  • Debian Linux 4.0 ia-64
  • Debian Linux 4.0 ia-32
  • Debian Linux 4.0 hppa
  • Debian Linux 4.0 arm
  • Debian Linux 4.0 amd64
  • Debian Linux 4.0 alpha
  • Debian Linux 4.0
    升级到PHP 5.2.8版本:
    <a href=“http://www.php.net/” target=“_blank”>http://www.php.net/</a>

Related

openvas 59
prion 1
f5 2
ubuntucve 1
securityvulns 5
cve 1
freebsd 1
nessus 23
veracode 1
redhat 3
centos 2
oraclelinux 2
osv 1
debian 1
fedora 4
ubuntu 1
gentoo 1
openvas
openvas
SLES9: Security update for PHP4
2009-10-10 00:00:00
FreeBSD Ports: php4-mbstring
2009-03-20 00:00:00
FreeBSD Ports: php4-mbstring
2009-03-20 00:00:00
prion
prion
Heap overflow
2008-12-23 18:30:00
f5
f5
K9761 : PHP vulnerability - CVE-2008-5557
2013-03-29 00:00:00
SOL9761 - PHP vulnerability - CVE-2008-5557
2009-03-12 00:00:00
ubuntucve
ubuntucve
CVE-2008-5557
2008-12-23 00:00:00
securityvulns
securityvulns
[Full-disclosure] CVE-2008-5557 - PHP mbstring buffer overflow vulnerability
2008-12-22 00:00:00
PHP 4 multiple function buffer overflows
2008-12-22 00:00:00
[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage &#40;SMH&#41; for Linux and Windows, Remote Cross Site Scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;, Execution of Arbitrary Code, Unauthorized Access
2010-04-26 00:00:00
cve
cve
CVE-2008-5557
2008-12-23 18:30:00
freebsd
freebsd
php-mbstring -- php mbstring buffer overflow vulnerability
2008-12-21 00:00:00
nessus
nessus
FreeBSD : php-mbstring -- php mbstring buffer overflow vulnerability (a2074ac6-124c-11de-a964-0030843d3802)
2009-03-17 00:00:00
F5 Networks BIG-IP : PHP vulnerability (SOL9761)
2014-10-10 00:00:00
SuSE9 Security Update : PHP4 (YOU Patch Number 12382)
2009-09-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:23
redhat
redhat
(RHSA-2009:0337) Moderate: php security update
2009-04-06 00:00:00
(RHSA-2009:0338) Moderate: php security update
2009-04-06 00:00:00
(RHSA-2009:0350) Moderate: php security update
2009-04-14 00:00:00
centos
centos
php security update
2009-04-06 17:44:07
php security update
2009-04-07 12:21:16
oraclelinux
oraclelinux
php security update
2009-04-06 00:00:00
php security update
2009-04-06 00:00:00
osv
osv
php5 - several vulnerabilities
2009-05-04 00:00:00
debian
debian
[SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities
2009-05-04 20:57:57
fedora
fedora
[SECURITY] Fedora 10 Update: maniadrive-1.2-13.fc10
2009-05-30 02:34:40
[SECURITY] Fedora 9 Update: maniadrive-1.2-13.fc9
2009-05-30 02:38:47
[SECURITY] Fedora 10 Update: php-5.2.9-2.fc10
2009-05-30 02:34:40
ubuntu
ubuntu
PHP vulnerabilities
2009-02-12 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00

0.037 Low

EPSS

Percentile

90.8%

JSON
Related for SSV:4590
openvas59prion1f52ubuntucve1securityvulns5cve1freebsd1nessus23veracode1redhat3centos2oraclelinux2osv1debian1fedora4ubuntu1gentoo1