NVD Vulnerability Detail

CVE-2007-4887

Summary	The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
Summary	La función dl en PHP 5.2.4 y versiones anteriores permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (caída de aplicación) mediante una cadena larga en el parámetro library. NOTA. Existen escenarios de uso limitado bajo los cuales esto sería una vulnerabilidad.
Publication Date	Sept. 14, 2007, 9:17 a.m.
Registration Date	Jan. 29, 2021, 2:20 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:php:php::::::::			5.2.4

Related information, measures and tools

No	URL	refsource
1	http://docs.info.apple.com/article.html?artnum=307562	cve@mitre.org
2	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501	cve@mitre.org
3	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	cve@mitre.org
4	http://secunia.com/advisories/27102	cve@mitre.org
5	http://secunia.com/advisories/27659	cve@mitre.org
6	http://secunia.com/advisories/28750	cve@mitre.org
7	http://secunia.com/advisories/29420	cve@mitre.org
8	http://secunia.com/advisories/30040	cve@mitre.org
9	http://securityreason.com/securityalert/3133	cve@mitre.org
10	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242	cve@mitre.org
11	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml	cve@mitre.org
12	http://www.php.net/ChangeLog-5.php#5.2.5	cve@mitre.org
13	http://www.php.net/releases/5_2_5.php	cve@mitre.org
14	http://www.securityfocus.com/archive/1/478985/100/0/threaded	cve@mitre.org
15	http://www.securityfocus.com/archive/1/478988/100/0/threaded	cve@mitre.org
16	http://www.securityfocus.com/archive/1/491693/100/0/threaded	cve@mitre.org
17	http://www.securityfocus.com/bid/26403	cve@mitre.org
18	http://www.vupen.com/english/advisories/2007/3825	cve@mitre.org
19	http://www.vupen.com/english/advisories/2008/0398	cve@mitre.org
20	http://www.vupen.com/english/advisories/2008/0924/references	cve@mitre.org
21	https://issues.rpath.com/browse/RPL-1943	cve@mitre.org
22	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767	cve@mitre.org
23	http://docs.info.apple.com/article.html?artnum=307562	af854a3a-2127-422b-91ae-364da2661108
24	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501	af854a3a-2127-422b-91ae-364da2661108
25	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	af854a3a-2127-422b-91ae-364da2661108
26	http://secunia.com/advisories/27102	af854a3a-2127-422b-91ae-364da2661108
27	http://secunia.com/advisories/27659	af854a3a-2127-422b-91ae-364da2661108
28	http://secunia.com/advisories/28750	af854a3a-2127-422b-91ae-364da2661108
29	http://secunia.com/advisories/29420	af854a3a-2127-422b-91ae-364da2661108
30	http://secunia.com/advisories/30040	af854a3a-2127-422b-91ae-364da2661108
31	http://securityreason.com/securityalert/3133	af854a3a-2127-422b-91ae-364da2661108
32	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242	af854a3a-2127-422b-91ae-364da2661108
33	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml	af854a3a-2127-422b-91ae-364da2661108
34	http://www.php.net/ChangeLog-5.php#5.2.5	af854a3a-2127-422b-91ae-364da2661108
35	http://www.php.net/releases/5_2_5.php	af854a3a-2127-422b-91ae-364da2661108
36	http://www.securityfocus.com/archive/1/478985/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
37	http://www.securityfocus.com/archive/1/478988/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
38	http://www.securityfocus.com/archive/1/491693/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
39	http://www.securityfocus.com/bid/26403	af854a3a-2127-422b-91ae-364da2661108
40	http://www.vupen.com/english/advisories/2007/3825	af854a3a-2127-422b-91ae-364da2661108
41	http://www.vupen.com/english/advisories/2008/0398	af854a3a-2127-422b-91ae-364da2661108
42	http://www.vupen.com/english/advisories/2008/0924/references	af854a3a-2127-422b-91ae-364da2661108
43	https://issues.rpath.com/browse/RPL-1943	af854a3a-2127-422b-91ae-364da2661108
44	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html