Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-0988)

Description

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

Remediation

References

Related Vulnerabilities

SharePoint CVE-2021-31948 Vulnerability (CVE-2021-31948)

WordPress Plugin Events Made Easy Arbitrary File Upload (2.1.1)

PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7272)

PHP Other Vulnerability (CVE-2015-1352)

WordPress Plugin Contact Form Generator Multiple Cross-Site Request Forgery Vulnerabilities (2.1.86)

Severity

Medium

Classification

CVE-2007-0988 CWE-119

Tags

Missing Update Known Vulnerabilities