7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.3%
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions;
(5) stream filters; and the (6) str_replace, (7) mail, (8)
ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user
functions. NOTE: vector 6 might actually be an integer overflow
(CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the
imap_mail_compose function (CVE-2007-1825).