Showing 1 - 6 of 6

CVE-2007-4658

Status Candidate

Overview

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

Related Files

Debian Linux Security Advisory 1444-2: Posted Jan 24, 2008; Authored by Debian | Site debian.org; Debian Security Advisory 1444-2 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. It was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA.; tags | advisory, remote, php, vulnerability; systems | linux, debian; advisories | CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4662, CVE-2007-5898, CVE-2007-5899; SHA-256 | dda79c6d77254050d19f65dcad2c8f912bd1eaafbc90711f0b3651b4cf9362f5; Download | Favorite | View

Debian Linux Security Advisory 1444-1: Posted Jan 3, 2008; Authored by Debian | Site debian.org; Debian Security Advisory 1444-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language.; tags | advisory, remote, php, vulnerability; systems | linux, debian; advisories | CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4659, CVE-2007-4660, CVE-2007-4662, CVE-2007-5898, CVE-2007-5899; SHA-256 | e011051596ddd3a8f90e9d2879e9c2deb16475061948bea707a9778931608245; Download | Favorite | View

Ubuntu Security Notice 549-2: Posted Dec 4, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 549-2 - USN-549-1 fixed vulnerabilities in PHP. However, some upstream changes were incomplete, which caused crashes in certain situations with Ubuntu 7.10.; tags | advisory, php, vulnerability; systems | linux, ubuntu; advisories | CVE-2007-1285, CVE-2007-2872, CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662, CVE-2007-4670, CVE-2007-5898, CVE-2007-5899; SHA-256 | 9a0a4a1d82e27e9d74bb5eb17c3168dc8ab295a00a313b9b1b95a786a5cb345f; Download | Favorite | View

Ubuntu Security Notice 549-1: Posted Nov 30, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 549-1 - Various integer overflows, arbitrary code execution, and denial of service vulnerabilities have been fixed in PHP 5.; tags | advisory, denial of service, overflow, arbitrary, php, vulnerability, code execution; systems | linux, ubuntu; advisories | CVE-2007-1285, CVE-2007-2872, CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662, CVE-2007-4670, CVE-2007-5898, CVE-2007-5899; SHA-256 | 82dae6b629e189b7e2d3dfbad033c409a70c0f0886d117b786a64d4164df2e82; Download | Favorite | View

Gentoo Linux Security Advisory 200710-2: Posted Oct 9, 2007; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200710-02 - Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate() and gdImageCreateTrueColor() functions of the GD library which can cause heap-based buffer overflows. Gerhard Wagner discovered an integer overflow in the chunk_split() function that can lead to a heap-based buffer overflow. Its incomplete fix caused incorrect buffer size calculation due to precision loss, also resulting in a possible heap-based buffer overflow. A buffer overflow in the sqlite_decode_binary() of the SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1 was not fixed correctly. Versions less than 5.2.4_p20070914-r2 are affected.; tags | advisory, overflow, php, vulnerability; systems | linux, gentoo; advisories | CVE-2007-1883, CVE-2007-1887, CVE-2007-1900, CVE-2007-2756, CVE-2007-2872, CVE-2007-3007, CVE-2007-3378, CVE-2007-3806, CVE-2007-3996, CVE-2007-3997, CVE-2007-3998, CVE-2007-4652, CVE-2007-4657, CVE-2007-4658, CVE-2007-4659, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662; SHA-256 | 0954c820cef174c83409c66ee739a3d9955c800b776a51d4b17c9452a9f19875; Download | Favorite | View

Mandriva Linux Security Advisory 2007.187: Posted Sep 25, 2007; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update. Not just a couple, not a few, but many.; tags | advisory, php, vulnerability; systems | linux, mandriva; advisories | CVE-2007-1375, CVE-2007-1399, CVE-2007-1900, CVE-2007-2727, CVE-2007-2728, CVE-2007-2748, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670; SHA-256 | 01d42bfc7015b848897634663e966d52f46f75ad839abd6b538db6357c46f4f2; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 247 files
Ubuntu 88 files
indoushka 49 files
Jasper Nota 25 files
Willem Westerhof 19 files
Gentoo 11 files
Jim Blankendaal 11 files
Debian 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,085)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,603)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,440)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,724)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

CVE-2007-4658

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems