Description

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.

Remediation

References

CVE-2007-1889

Related Vulnerabilities

WordPress Plugin WP Job Manager Cross-Site Scripting (1.26.1)

Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.3.3)

WordPress Plugin 10Web Map Builder for Google Maps SQL Injection (1.0.72)

WordPress Plugin IzeeChat-Live Chat Cross-Site Scripting (1.0)

WordPress Plugin dsIDXpress IDX Multiple Unspecified Vulnerabilities (2.1.32)

Severity

High

Classification

CVE-2007-1889

Tags

Missing Update Known Vulnerabilities