Description

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.

Remediation

References

CVE-2007-1888

Related Vulnerabilities

PHP Other Vulnerability (CVE-1999-0058)

WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)

WordPress Plugin Be POPIA Compliant Information Disclosure (1.1.5)

PostgreSQL Other Vulnerability (CVE-2007-0556)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7711)

Severity

High

Classification

CVE-2007-1888

Tags

Missing Update Known Vulnerabilities