Heap-based buffer overflow in PHP - CVE-2007-4661
Published: October 3, 2018 / Updated: June 8, 2025
Vulnerability identifier: #VU110372
CSH Severity: Medium
CVSS v4.0:
CVE-ID: CVE-2007-4661
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PHP Group
Affected software:
PHP
PHP
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which. A remote attacker can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2007-4661
Install update from vendor's website.
Sources
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
- http://secunia.com/advisories/26642
- http://secunia.com/advisories/26838
- http://secunia.com/advisories/27102
- http://secunia.com/advisories/27864
- http://secunia.com/advisories/28658
- http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
- http://www.php.net/ChangeLog-5.php#5.2.4
- http://www.php.net/releases/5_2_4.php
- http://www.ubuntu.com/usn/usn-549-2
- https://issues.rpath.com/browse/RPL-1702
- https://launchpad.net/bugs/173043
- https://usn.ubuntu.com/549-1/