CVE-2007-2872

Impact:
Moderate
Public Date:
2007-06-01
CWE:
CWE-190
Bugzilla:
242032: CVE-2007-2872 php chunk_split integer overflow

The MITRE CVE dictionary describes this issue as:

Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.

Find out more about CVE-2007-2872 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2872

The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 4 (php) RHSA-2007:0890 2007-09-20
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (php) RHSA-2007:0891 2007-10-25
Red Hat Enterprise Linux 2.1 (php) RHSA-2007:0888 2007-10-23
Red Hat Enterprise Linux 3 (php) RHSA-2007:0889 2007-09-26
Red Hat Enterprise Linux 5 (php) RHSA-2007:0890 2007-09-20
Last Modified

CVE description copyright © 2017, The MITRE Corporation