Launchpad.net

CVE 2007-0988

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugzilla.redhat...
MISC: http://www.php.net/rel...
REDHAT: RHSA-2007:0076
SECUNIA: 24195
REDHAT: RHSA-2007:0081
REDHAT: RHSA-2007:0089
UBUNTU: USN-424-1
SECUNIA: 24217
SECUNIA: 24248
SECUNIA: 24236
SECUNIA: 24295
CONFIRM: https://issues.rpath.c...
OPENPKG: OpenPKG-SA-2007.010
SECUNIA: 24322
CONFIRM: http://support.avaya.c...
DEBIAN: DSA-1264
REDHAT: RHSA-2007:0088
UBUNTU: USN-424-2
SECUNIA: 24432
SECUNIA: 24421
REDHAT: RHSA-2007:0082
SECTRACK: 1017671
GENTOO: GLSA-200703-21
SECUNIA: 24606
CONFIRM: http://support.avaya.c...
SECUNIA: 24642
MISC: http://www.php-securit...
SUSE: SUSE-SA:2007:032
SECUNIA: 25056
SECUNIA: 25423
SGI: 20070201-01-P
TRUSTIX: 2007-0009
SECUNIA: 24284
SECUNIA: 24419
SECUNIA: 25850
SREASON: 2315
MANDRIVA: MDKSA-2007:048
OSVDB: 32762
VUPEN: ADV-2007-1991
VUPEN: ADV-2007-2374
HP: HPSBMA02215
HP: SSRT071423
HP: HPSBTU02232
HP: SSRT071429
XF: php-zendhashinit-dos(3...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070227 rPSA-2007-004...

Launchpad.net

CVE 2007-0988

Related bugs

References