CVE-2008-1384
PHP < 5.2.5 - Denial of Service via Integer Overflow in printf Width Specifier
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).
References (22)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489962/100/0/threaded
Various Sources x_refsource_confirm
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30345
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-628-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41386
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30411
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30158
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28392
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/492535/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32746
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200811-05.xml
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1572
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30967
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/492671/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31200
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-2503
Exploit third-party-advisory
x_refsource_sreasonres
http://securityreason.com/achievement_securityalert/52
Scores
EPSS: 0.0269
EPSS Percentile: 86.1%
Details
CWE: CWE-189
Status: published
Products (1)
php/php < 5.2.5
Published: Mar 27, 2008
Tracked Since: Feb 18, 2026