Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |
Not vulnerable. The zip extension was not distributed with PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
| Hyperlink | Source | Resource |
|---|---|---|
| http://secunia.com/advisories/25025 | cve@mitre.org | N/A |
| http://secunia.com/advisories/25062 | cve@mitre.org | N/A |
| http://www.debian.org/security/2007/dsa-1282 | cve@mitre.org | N/A |
| http://www.debian.org/security/2007/dsa-1283 | cve@mitre.org | N/A |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:130 | cve@mitre.org | N/A |
| http://www.php-security.org/MOPB/MOPB-35-2007.html | cve@mitre.org | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/23169 | cve@mitre.org | Exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33652 | cve@mitre.org | N/A |