CVE-2007-4782

Impact: Low
Public Date: 2007-09-04
Bugzilla: 285881: CVE-2007-4782 php crash in glob() and fnmatch() functions

The MITRE CVE dictionary describes this issue as:

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Find out more about CVE-2007-4782 from the MITRE CVE dictionary and NIST NVD.

Statement

We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 5 (php) | RHSA-2008:0544 | 2008-07-16
Red Hat Application Stack v2 for Enterprise Linux (v.5) | RHSA-2008:0505 | 2008-07-02
Red Hat Enterprise Linux 4 (php) | RHSA-2008:0545 | 2008-07-16
Red Hat Enterprise Linux 3 (php) | RHSA-2008:0544 | 2008-07-16
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (php) | RHSA-2008:0582 | 2008-07-22

Last Modified

CVE description copyright © 2017, The MITRE Corporation
