Input validation error in PHP - CVE-2007-1401

 


Published: October 16, 2018 / Updated: June 12, 2025


Vulnerability identifier: #VU110445
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2007-1401
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: Public exploit is available
Vendor: PHP Group
Affected software: PHP

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code.

Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.


How to mitigate CVE-2007-1401

Install the update from the vendor's website.
