PublicDate: 2007-02-13
Candidate: CVE-2007-0908
References:
http://www.ubuntu.com/usn/usn-424-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
Description:
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4
before 4.4.5 does not properly initialize the key_length variable for a
numerical key, which allows context-dependent attackers to read stack
memory via a wddxPacket element that contains a variable with a string name
before a numerical variable.
Ubuntu-Description:
Notes:
Bugs:
dapper_php5: released (5.1.2-1ubuntu3.9)
edgy_php5: released (5.1.6-1ubuntu2.6)
feisty_php5: released (5.2.1-0ubuntu1.4)
devel_php5: released (5.2.3-1ubuntu5)
upstream_php5: