CVE-2007-1887

 

Published at: - 06-04-2007 03:19

Last modified: - 21-07-2022 05:12

Total changes: - 2

Description

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://www.php-security.org/MOPB/MOPB-41-2007.html
• http://www.php.net/releases/5_2_1.php
• 23235-Third Party Advisory, VDB Entry
• DSA-1283-Third Party Advisory
• USN-455-1-Third Party Advisory
• 25062-Not Applicable
• 25057-Not Applicable
• 24909-Not Applicable
• http://www.php.net/releases/5_2_3.php
• FEDORA-2007-2215-Mailing List, Third Party Advisory
• GLSA-200710-02-Third Party Advisory
• MDKSA-2007:088-Broken Link
• MDKSA-2007:089-Broken Link
• 27037-Not Applicable
• 27110-Not Applicable
• 27102-Not Applicable
• ADV-2007-3386-Permissions Required
• SSRT071447-Broken Link
• ADV-2007-2016-Permissions Required
• php-sqlitedecodebinary-bo(33766)-Third Party Advisory, VDB Entry
• oval:org.mitre.oval:def:5348-Third Party Advisory

 

Keywords

NVD

 

CVE-2007-1887

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures