{
  "details" : [ "Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation." ],
  "statement" : "The PHP interpreter does not offer a reliable \"sandboxed\" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself.  We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-1521\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-1521" ],
  "name" : "CVE-2007-1521",
  "csaw" : false
}