NVD Vulnerability Detail

CVE-2007-2872

Summary	Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Summary	Los múltiples desbordamientos de enteros en la función chunk_split en PHP versión 5 anterior a 5.2.3 y PHP versión 4 anterior a 4.4.8, permiten a los atacantes remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de los argumentos (1) chunks, (2) srclen, y (3) chunklen.
Publication Date	June 5, 2007, 2:30 a.m.
Registration Date	Jan. 29, 2021, 2:13 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:php:php::::::::		4.4.7
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*
cpe:2.3:a:php:php:5.2.1:::::::*
cpe:2.3:a:php:php:5.2.2:::::::*

Related information, measures and tools

No	URL	refsource
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	secalert@redhat.com
2	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501	secalert@redhat.com
3	http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html	secalert@redhat.com
4	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html	secalert@redhat.com
5	http://osvdb.org/36083	secalert@redhat.com
6	http://rhn.redhat.com/errata/RHSA-2007-0889.html	secalert@redhat.com
7	http://secunia.com/advisories/25456	secalert@redhat.com
8	http://secunia.com/advisories/25535	secalert@redhat.com
9	http://secunia.com/advisories/26048	secalert@redhat.com
10	http://secunia.com/advisories/26231	secalert@redhat.com
11	http://secunia.com/advisories/26838	secalert@redhat.com
12	http://secunia.com/advisories/26871	secalert@redhat.com
13	http://secunia.com/advisories/26895	secalert@redhat.com
14	http://secunia.com/advisories/26930	secalert@redhat.com
15	http://secunia.com/advisories/26967	secalert@redhat.com
16	http://secunia.com/advisories/27037	secalert@redhat.com
17	http://secunia.com/advisories/27102	secalert@redhat.com
18	http://secunia.com/advisories/27110	secalert@redhat.com
19	http://secunia.com/advisories/27351	secalert@redhat.com
20	http://secunia.com/advisories/27377	secalert@redhat.com
21	http://secunia.com/advisories/27545	secalert@redhat.com
22	http://secunia.com/advisories/27864	secalert@redhat.com
23	http://secunia.com/advisories/28318	secalert@redhat.com
24	http://secunia.com/advisories/28658	secalert@redhat.com
25	http://secunia.com/advisories/28750	secalert@redhat.com
26	http://secunia.com/advisories/28936	secalert@redhat.com
27	http://secunia.com/advisories/30040	secalert@redhat.com
28	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863	secalert@redhat.com
29	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136	secalert@redhat.com
30	http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm	secalert@redhat.com
31	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml	secalert@redhat.com
32	http://www.mandriva.com/security/advisories?name=MDKSA-2007:187	secalert@redhat.com
33	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html	secalert@redhat.com
34	http://www.php.net/ChangeLog-4.php	secalert@redhat.com
35	http://www.php.net/releases/4_4_8.php	secalert@redhat.com
36	http://www.php.net/releases/5_2_3.php	secalert@redhat.com
37	http://www.redhat.com/support/errata/RHSA-2007-0888.html	secalert@redhat.com
38	http://www.redhat.com/support/errata/RHSA-2007-0890.html	secalert@redhat.com
39	http://www.redhat.com/support/errata/RHSA-2007-0891.html	secalert@redhat.com
40	http://www.sec-consult.com/291.html	secalert@redhat.com
41	http://www.securityfocus.com/archive/1/470244/100/0/threaded	secalert@redhat.com
42	http://www.securityfocus.com/archive/1/491693/100/0/threaded	secalert@redhat.com
43	http://www.securityfocus.com/bid/24261	secalert@redhat.com
44	http://www.securitytracker.com/id?1018186	secalert@redhat.com
45	http://www.trustix.org/errata/2007/0023/	secalert@redhat.com
46	http://www.ubuntu.com/usn/usn-549-2	secalert@redhat.com
47	http://www.vupen.com/english/advisories/2007/2061	secalert@redhat.com
48	http://www.vupen.com/english/advisories/2007/3386	secalert@redhat.com
49	http://www.vupen.com/english/advisories/2008/0059	secalert@redhat.com
50	http://www.vupen.com/english/advisories/2008/0398	secalert@redhat.com
51	https://exchange.xforce.ibmcloud.com/vulnerabilities/39398	secalert@redhat.com
52	https://issues.rpath.com/browse/RPL-1693	secalert@redhat.com
53	https://issues.rpath.com/browse/RPL-1702	secalert@redhat.com
54	https://launchpad.net/bugs/173043	secalert@redhat.com
55	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424	secalert@redhat.com
56	https://usn.ubuntu.com/549-1/	secalert@redhat.com
57	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html	secalert@redhat.com
58	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html	secalert@redhat.com
59	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	af854a3a-2127-422b-91ae-364da2661108
60	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501	af854a3a-2127-422b-91ae-364da2661108
61	http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html	af854a3a-2127-422b-91ae-364da2661108
62	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html	af854a3a-2127-422b-91ae-364da2661108
63	http://osvdb.org/36083	af854a3a-2127-422b-91ae-364da2661108
64	http://rhn.redhat.com/errata/RHSA-2007-0889.html	af854a3a-2127-422b-91ae-364da2661108
65	http://secunia.com/advisories/25456	af854a3a-2127-422b-91ae-364da2661108
66	http://secunia.com/advisories/25535	af854a3a-2127-422b-91ae-364da2661108
67	http://secunia.com/advisories/26048	af854a3a-2127-422b-91ae-364da2661108
68	http://secunia.com/advisories/26231	af854a3a-2127-422b-91ae-364da2661108
69	http://secunia.com/advisories/26838	af854a3a-2127-422b-91ae-364da2661108
70	http://secunia.com/advisories/26871	af854a3a-2127-422b-91ae-364da2661108
71	http://secunia.com/advisories/26895	af854a3a-2127-422b-91ae-364da2661108
72	http://secunia.com/advisories/26930	af854a3a-2127-422b-91ae-364da2661108
73	http://secunia.com/advisories/26967	af854a3a-2127-422b-91ae-364da2661108
74	http://secunia.com/advisories/27037	af854a3a-2127-422b-91ae-364da2661108
75	http://secunia.com/advisories/27102	af854a3a-2127-422b-91ae-364da2661108
76	http://secunia.com/advisories/27110	af854a3a-2127-422b-91ae-364da2661108
77	http://secunia.com/advisories/27351	af854a3a-2127-422b-91ae-364da2661108
78	http://secunia.com/advisories/27377	af854a3a-2127-422b-91ae-364da2661108
79	http://secunia.com/advisories/27545	af854a3a-2127-422b-91ae-364da2661108
80	http://secunia.com/advisories/27864	af854a3a-2127-422b-91ae-364da2661108
81	http://secunia.com/advisories/28318	af854a3a-2127-422b-91ae-364da2661108
82	http://secunia.com/advisories/28658	af854a3a-2127-422b-91ae-364da2661108
83	http://secunia.com/advisories/28750	af854a3a-2127-422b-91ae-364da2661108
84	http://secunia.com/advisories/28936	af854a3a-2127-422b-91ae-364da2661108
85	http://secunia.com/advisories/30040	af854a3a-2127-422b-91ae-364da2661108
86	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863	af854a3a-2127-422b-91ae-364da2661108
87	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136	af854a3a-2127-422b-91ae-364da2661108
88	http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm	af854a3a-2127-422b-91ae-364da2661108
89	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml	af854a3a-2127-422b-91ae-364da2661108
90	http://www.mandriva.com/security/advisories?name=MDKSA-2007:187	af854a3a-2127-422b-91ae-364da2661108
91	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html	af854a3a-2127-422b-91ae-364da2661108
92	http://www.php.net/ChangeLog-4.php	af854a3a-2127-422b-91ae-364da2661108
93	http://www.php.net/releases/4_4_8.php	af854a3a-2127-422b-91ae-364da2661108
94	http://www.php.net/releases/5_2_3.php	af854a3a-2127-422b-91ae-364da2661108
95	http://www.redhat.com/support/errata/RHSA-2007-0888.html	af854a3a-2127-422b-91ae-364da2661108
96	http://www.redhat.com/support/errata/RHSA-2007-0890.html	af854a3a-2127-422b-91ae-364da2661108
97	http://www.redhat.com/support/errata/RHSA-2007-0891.html	af854a3a-2127-422b-91ae-364da2661108
98	http://www.sec-consult.com/291.html	af854a3a-2127-422b-91ae-364da2661108
99	http://www.securityfocus.com/archive/1/470244/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
100	http://www.securityfocus.com/archive/1/491693/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
101	http://www.securityfocus.com/bid/24261	af854a3a-2127-422b-91ae-364da2661108
102	http://www.securitytracker.com/id?1018186	af854a3a-2127-422b-91ae-364da2661108
103	http://www.trustix.org/errata/2007/0023/	af854a3a-2127-422b-91ae-364da2661108
104	http://www.ubuntu.com/usn/usn-549-2	af854a3a-2127-422b-91ae-364da2661108
105	http://www.vupen.com/english/advisories/2007/2061	af854a3a-2127-422b-91ae-364da2661108
106	http://www.vupen.com/english/advisories/2007/3386	af854a3a-2127-422b-91ae-364da2661108
107	http://www.vupen.com/english/advisories/2008/0059	af854a3a-2127-422b-91ae-364da2661108
108	http://www.vupen.com/english/advisories/2008/0398	af854a3a-2127-422b-91ae-364da2661108
109	https://exchange.xforce.ibmcloud.com/vulnerabilities/39398	af854a3a-2127-422b-91ae-364da2661108
110	https://issues.rpath.com/browse/RPL-1693	af854a3a-2127-422b-91ae-364da2661108
111	https://issues.rpath.com/browse/RPL-1702	af854a3a-2127-422b-91ae-364da2661108
112	https://launchpad.net/bugs/173043	af854a3a-2127-422b-91ae-364da2661108
113	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424	af854a3a-2127-422b-91ae-364da2661108
114	https://usn.ubuntu.com/549-1/	af854a3a-2127-422b-91ae-364da2661108
115	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html	af854a3a-2127-422b-91ae-364da2661108
116	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:php:php::::::::		4.4.7
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*
cpe:2.3:a:php:php:5.2.1:::::::*
cpe:2.3:a:php:php:5.2.2:::::::*