{
  "bugzilla" : {
    "description" : "php shmop argument validation",
    "id" : "240161",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=240161"
  },
  "details" : [ "The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource." ],
  "statement" : "The PHP interpreter does not offer a reliable \"sandboxed\" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-1376\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-1376" ],
  "name" : "CVE-2007-1376",
  "csaw" : false
}