Input validation error in PHP - CVE-2008-7068
Published: October 30, 2018 / Updated: June 8, 2025
Vulnerability identifier: #VU110324
CSH Severity: Medium
CVSS v4.0:
CVE-ID: CVE-2008-7068
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PHP Group
Affected software:
PHP
PHP
Detailed vulnerability description
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (file truncation) via a key with the NULL byte.
How to mitigate CVE-2008-7068
Install update from vendor's website.
Sources
- http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314&
- http://securityreason.com/achievement_securityalert/58
- http://www.osvdb.org/52206
- http://www.securityfocus.com/archive/1/498746/100/0/threaded
- http://www.securityfocus.com/archive/1/498981/100/0/threaded
- http://www.securityfocus.com/archive/1/498982/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47316