#VU110353 Input validation error in PHP - CVE-2007-6039
Published: October 15, 2018 / Updated: June 12, 2025
Vulnerability identifier: #VU110353
Vulnerability risk: Low
CVSSv4.0:
CVE-ID: CVE-2007-6039
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
PHP
PHP
Software vendor:
PHP Group
PHP Group
Description
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function.
Remediation
Install update from vendor's website.
External links
- http://securityreason.com/securityalert/3365
- http://securityreason.com/securityalert/3366
- http://www.securityfocus.com/archive/1/483644/100/0/threaded
- http://www.securityfocus.com/archive/1/483648/100/0/threaded
- http://www.securityfocus.com/bid/26426
- http://www.securityfocus.com/bid/26428
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38443