CVE-2007-1285
high-risk
Published 2007-03-06
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Do I need to act?
6.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High · NETWORK / LOW complexity
Affected Products (14)
References (76)
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2007-0154.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2007-0155.html
Broken Link: http://rhn.redhat.com/errata/RHSA-2007-0163.html
Broken Link: http://secunia.com/advisories/24909
Broken Link: http://secunia.com/advisories/24910
Broken Link: http://secunia.com/advisories/24924
Broken Link: http://secunia.com/advisories/24941
Broken Link: http://secunia.com/advisories/24945
Broken Link: http://secunia.com/advisories/25445
Broken Link: http://secunia.com/advisories/26048
Broken Link: http://secunia.com/advisories/26642
Broken Link: http://secunia.com/advisories/27864
Broken Link: http://secunia.com/advisories/28936
Third Party Advisory: http://security.gentoo.org/glsa/glsa-200705-19.xml
Release Notes: http://us2.php.net/releases/4_4_7.php
Release Notes: http://us2.php.net/releases/5_2_2.php
Third Party Advisory: http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
Third Party Advisory: http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
and 56 more references
60 / 100
high-risk
Severity: 26/34 · High
Exploitability: 16/34 · Moderate
Exposure: 18/34 · Moderate