{
  "bugzilla" : {
    "description" : "php integer overflow in strspn/strcspn",
    "id" : "278061",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=278061"
  },
  "details" : [ "Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read.  NOTE: this affects different product versions than CVE-2007-3996." ],
  "statement" : "The only effect of this bug is to cause the process to read from a random segment of memory, if a large \"length\" parameter is passed to the strspn/strcspn function, which is under the control of the script author. This bug has no security impact.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-4657\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4657" ],
  "name" : "CVE-2007-4657",
  "csaw" : false
}