Description

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

Remediation

References

CVE-2007-1286

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6170)

WordPress Credentials Management Errors Vulnerability (CVE-2016-5838)

PHP Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2010-4657)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5339)

WordPress Plugin NextGEN Gallery-WordPress Gallery PHP Object Injection (3.1.5)

Severity

Medium

Classification

CVE-2007-1286

Tags

Missing Update Known Vulnerabilities