CVE-2007-1824
PHP 5 - Denial of Service via php://filter/ URL with Trailing Dot
Title source: llmDescription
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
References (9)
Core 9
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25056
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23237
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1283
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25062
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-455-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25057
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33729
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_32_php.html
Various Sources x_refsource_misc
http://www.php-security.org/MOPB/MOPB-42-2007.html
Scores
EPSS
0.0214
EPSS Percentile
84.4%
Details
Status
published
Products (14)
php/php
5.0.0
php/php
5.0.1
php/php
5.0.2
php/php
5.0.3
php/php
5.0.4
php/php
5.0.5
php/php
5.1.0
php/php
5.1.1
php/php
5.1.2
php/php
5.1.3
... and 4 more
Published
Apr 02, 2007
Tracked Since
Feb 18, 2026