Unrated severityNVD Advisory· Published Feb 13, 2007· Updated Apr 23, 2026
CVE-2007-0906
CVE-2007-0906
Description
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
Affected products
77cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*+ 74 more
- cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:trustix:secure_linux:3.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
54- www.securityfocus.com/bid/22496nvdPatch
- rhn.redhat.com/errata/RHSA-2007-0089.htmlnvdVendor Advisory
- secunia.com/advisories/24089nvdVendor Advisory
- secunia.com/advisories/24195nvdVendor Advisory
- secunia.com/advisories/24217nvdVendor Advisory
- secunia.com/advisories/24236nvdVendor Advisory
- secunia.com/advisories/24248nvdVendor Advisory
- secunia.com/advisories/24284nvdVendor Advisory
- secunia.com/advisories/24295nvdVendor Advisory
- secunia.com/advisories/24322nvdVendor Advisory
- secunia.com/advisories/24419nvdVendor Advisory
- secunia.com/advisories/24421nvdVendor Advisory
- secunia.com/advisories/24432nvdVendor Advisory
- secunia.com/advisories/24514nvdVendor Advisory
- secunia.com/advisories/24606nvdVendor Advisory
- secunia.com/advisories/24642nvdVendor Advisory
- secunia.com/advisories/24945nvdVendor Advisory
- secunia.com/advisories/26048nvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0081.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0082.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0088.htmlnvdVendor Advisory
- patches.sgi.com/support/free/security/advisories/20070201-01-P.ascnvd
- lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.htmlnvd
- lists.suse.com/archive/suse-security-announce/2007-Mar/0003.htmlnvd
- osvdb.org/34706nvd
- osvdb.org/34707nvd
- osvdb.org/34708nvd
- osvdb.org/34709nvd
- osvdb.org/34710nvd
- osvdb.org/34711nvd
- osvdb.org/34712nvd
- osvdb.org/34713nvd
- osvdb.org/34714nvd
- osvdb.org/34715nvd
- security.gentoo.org/glsa/glsa-200703-21.xmlnvd
- support.avaya.com/elmodocs2/security/ASA-2007-101.htmnvd
- support.avaya.com/elmodocs2/security/ASA-2007-136.htmnvd
- www.mandriva.com/security/advisoriesnvd
- www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.htmlnvd
- www.osvdb.org/32776nvd
- www.php.net/ChangeLog-5.phpnvd
- www.php.net/releases/5_2_1.phpnvd
- www.redhat.com/support/errata/RHSA-2007-0076.htmlnvd
- www.securityfocus.com/archive/1/461462/100/0/threadednvd
- www.securityfocus.com/archive/1/466166/100/0/threadednvd
- www.securitytracker.com/idnvd
- www.trustix.org/errata/2007/0009/nvd
- www.ubuntu.com/usn/usn-424-1nvd
- www.ubuntu.com/usn/usn-424-2nvd
- www.us.debian.org/security/2007/dsa-1264nvd
- www.vupen.com/english/advisories/2007/0546nvd
- issues.rpath.com/browse/RPL-1088nvd
- issues.rpath.com/browse/RPL-1268nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8992nvd
News mentions
0No linked articles in our index yet.