Description

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

Remediation

References

CVE-2007-4657

Related Vulnerabilities

WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.11.3)

WordPress Plugin Caldera Forms-More Than Contact Forms Cross-Site Scripting (1.4.1)

Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1104)

Oracle JRE CVE-2019-2978 Vulnerability (CVE-2019-2978)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-38901)

Severity

High

Classification

CVE-2007-4657

Tags

Missing Update Known Vulnerabilities