CVE-2007-0988

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

🔗 References (90)

• cve@mitreftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
• cve@mitrehttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858
• cve@mitrehttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
• cve@mitrehttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
• cve@mitrehttp://osvdb.org/32762
• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2007-0089.html
• cve@mitrehttp://secunia.com/advisories/24195
• cve@mitrehttp://secunia.com/advisories/24217
• cve@mitrehttp://secunia.com/advisories/24236
• cve@mitrehttp://secunia.com/advisories/24248
• cve@mitrehttp://secunia.com/advisories/24284
• cve@mitrehttp://secunia.com/advisories/24295
• cve@mitrehttp://secunia.com/advisories/24322
• cve@mitrehttp://secunia.com/advisories/24419
• cve@mitrehttp://secunia.com/advisories/24421