CVE-2007-1286

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

🔗 References (64)

• cve@mitrehttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
• cve@mitrehttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2007-0154.html
• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2007-0155.html
• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2007-0163.html
• cve@mitrehttp://secunia.com/advisories/24419
• cve@mitrehttp://secunia.com/advisories/24606
• cve@mitrehttp://secunia.com/advisories/24910
• cve@mitrehttp://secunia.com/advisories/24924
• cve@mitrehttp://secunia.com/advisories/24941
• cve@mitrehttp://secunia.com/advisories/24945
• cve@mitrehttp://secunia.com/advisories/25025
• cve@mitrehttp://secunia.com/advisories/25062
• cve@mitrehttp://secunia.com/advisories/25423
• cve@mitrehttp://secunia.com/advisories/25445