FKIE_CVE-2007-4661

Vulnerability from fkie_nvd - Published: 2007-09-04 22:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
References
cve@mitre.orghttp://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59Exploit
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
cve@mitre.orghttp://secunia.com/advisories/26642Patch
cve@mitre.orghttp://secunia.com/advisories/26838
cve@mitre.orghttp://secunia.com/advisories/27102
cve@mitre.orghttp://secunia.com/advisories/27864
cve@mitre.orghttp://secunia.com/advisories/28658
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
cve@mitre.orghttp://www.php.net/ChangeLog-5.php#5.2.4
cve@mitre.orghttp://www.php.net/releases/5_2_4.phpPatch
cve@mitre.orghttp://www.ubuntu.com/usn/usn-549-2
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1702
cve@mitre.orghttps://launchpad.net/bugs/173043
cve@mitre.orghttps://usn.ubuntu.com/549-1/
af854a3a-2127-422b-91ae-364da2661108http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59Exploit
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26642Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26838
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27102
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27864
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28658
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
af854a3a-2127-422b-91ae-364da2661108http://www.php.net/ChangeLog-5.php#5.2.4
af854a3a-2127-422b-91ae-364da2661108http://www.php.net/releases/5_2_4.phpPatch
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-549-2
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1702
af854a3a-2127-422b-91ae-364da2661108https://launchpad.net/bugs/173043
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/549-1/
Impacted products
Vendor Product Version
php php 5.2.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow.  NOTE: this is due to an incomplete fix for CVE-2007-2872."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n chunk_split en string.c en PHP 5.2.3 no calcula adecuadamente el tama\u00f1o de b\u00fafer necesario debido a la p\u00e9rdida de precisi\u00f3n cuando se realizan operaciones de entero con n\u00fameros con punto flotante, lo cual tiene vectores de ataque e impacto desconocido, posiblemente como resultado de un desbordamiento de b\u00fafer basado en pila. NOTA: esto puede ser debido a un parche incompleto para CVE-2007-2872."
    }
  ],
  "id": "CVE-2007-4661",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-04T22:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58\u0026r2=1.445.2.14.2.59"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/26642"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26838"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27864"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28658"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.php.net/releases/5_2_4.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-549-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1702"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://launchpad.net/bugs/173043"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/549-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58\u0026r2=1.445.2.14.2.59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/26642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.php.net/releases/5_2_4.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-549-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/bugs/173043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/549-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. Mandriva has not issued an update to date to fix CVE-2007-2872 and the updates in progress are using a correct fix.",
      "lastModified": "2007-09-18T00:00:00",
      "organization": "Mandriva"
    },
    {
      "comment": "Not vulnerable.  Red Hat did not include an incomplete fix for CVE-2007-2872 for PHP in Red Hat Enterprise Linux or Red Hat Application Stack.",
      "lastModified": "2007-09-05T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.