CVE-2008-2050

PHP < 5.2.6 - Stack-Based Buffer Overflow in FastCGI SAPI

Title source: llm

STIX 2.1

Description

Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

References (26)

Core 26

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1412

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/492535/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32746

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30083

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200811-05.xml

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29009

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2268

Patch vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1572

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30345

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-628-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42133

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30967

Third Party Advisory x_refsource_confirm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/05/02/2

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30158

Patch, Vendor Advisory x_refsource_confirm

http://www.php.net/ChangeLog-5.php

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31200

Exploit x_refsource_confirm

http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u

Vendor Advisory vendor-advisory x_refsource_slackware

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31326

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-2503

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30048

Scores

EPSS 0.0665

EPSS Percentile 91.3%

Details

CWE

CWE-119

Status published

Products (19)

php/php 5.0.0 beta1 (7 CPE variants)

php/php 5.0.1

php/php 5.0.2

php/php 5.0.3

php/php 5.0.4

php/php 5.0.5

php/php 5.1.0

php/php 5.1.1

php/php 5.1.2

php/php 5.1.3

... and 9 more

Published May 05, 2008

Tracked Since Feb 18, 2026