Description

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

Remediation

References

CVE-2007-0988

Related Vulnerabilities

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.36)

Jenkins Missing Authorization Vulnerability (CVE-2021-21687)

Dolphin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3167)

Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745)

WordPress Plugin Startklar Elementor Addons Directory Traversal (1.7.15)

Severity

Medium

Classification

CVE-2007-0988 CWE-119

Tags

Missing Update Known Vulnerabilities