Description

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

Remediation

References

CVE-2007-1649

Related Vulnerabilities

WordPress Plugin User Meta 'uploader.php' Arbitrary File Upload (1.1.1)

Envoy Proxy Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-8660)

Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-45612)

WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Unspecified Vulnerability (15.0.0)

Jenkins Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-43497)

Severity

High

Classification

CVE-2007-1649

Tags

Missing Update Known Vulnerabilities