Description

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

Remediation

References

CVE-2007-3998

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2004-2244)

WordPress Plugin Hitasoft FLV Player 'id' Parameter SQL Injection (1.1)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1000482)

WordPress Plugin Webapp builder (Free mobile apps native iPhone iOS & Android Winphone mobile apps) Arbitrary File Upload (2.0)

Joomla! Core Multiple Vulnerabilities (1.7.3 - 3.7.2)

Severity

Medium

Classification

CVE-2007-3998 CWE-20

Tags

Missing Update Known Vulnerabilities