CVE-2007-1887

Php < 4.4.5 - Buffer Overflow

Title source: rule

Description

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.

References (21)

Core 21

Core References

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27110

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1283

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/2016

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5348

Release Notes, Vendor Advisory x_refsource_confirm

http://www.php.net/releases/5_2_1.php

Broken Link, Vendor Advisory x_refsource_misc

http://www.php-security.org/MOPB/MOPB-41-2007.html

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25062

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-455-1

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24909

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3386

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/33766

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23235

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27037

Release Notes, Vendor Advisory x_refsource_confirm

http://www.php.net/releases/5_2_3.php

Broken Link vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27102

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:089

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25057

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:088

Scores

EPSS 0.0441

EPSS Percentile 89.1%

Details

CWE

CWE-120

Status published

Products (5)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 6.10

canonical/ubuntu_linux 7.04

debian/debian_linux 4.0

php/php 4.0 - 4.4.5

Published Apr 06, 2007

Tracked Since Feb 18, 2026