Unrated severityNVD Advisory· Published Feb 13, 2007· Updated Apr 23, 2026
CVE-2007-0908
CVE-2007-0908
Description
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
Affected products
12cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=4.0.0,<4.4.5
- cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
43- www.securityfocus.com/bid/22496nvdPatchThird Party AdvisoryVDB Entry
- rhn.redhat.com/errata/RHSA-2007-0089.htmlnvdThird Party Advisory
- secunia.com/advisories/24089nvdThird Party Advisory
- secunia.com/advisories/24195nvdThird Party Advisory
- secunia.com/advisories/24217nvdThird Party Advisory
- secunia.com/advisories/24236nvdThird Party Advisory
- secunia.com/advisories/24248nvdThird Party Advisory
- secunia.com/advisories/24284nvdThird Party Advisory
- secunia.com/advisories/24295nvdThird Party Advisory
- secunia.com/advisories/24322nvdThird Party Advisory
- secunia.com/advisories/24419nvdThird Party Advisory
- secunia.com/advisories/24421nvdThird Party Advisory
- secunia.com/advisories/24432nvdThird Party Advisory
- secunia.com/advisories/24514nvdThird Party Advisory
- secunia.com/advisories/24606nvdThird Party Advisory
- secunia.com/advisories/24642nvdThird Party Advisory
- security.gentoo.org/glsa/glsa-200703-21.xmlnvdThird Party Advisory
- securityreason.com/securityalert/2321nvdThird Party Advisory
- support.avaya.com/elmodocs2/security/ASA-2007-101.htmnvdThird Party Advisory
- support.avaya.com/elmodocs2/security/ASA-2007-136.htmnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.htmlnvdThird Party Advisory
- www.php-security.org/MOPB/MOPB-11-2007.htmlnvdThird Party Advisory
- www.php.net/ChangeLog-5.phpnvdThird Party Advisory
- www.php.net/releases/5_2_1.phpnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2007-0076.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2007-0081.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2007-0082.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2007-0088.htmlnvdThird Party Advisory
- www.securityfocus.com/archive/1/461462/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/22806nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/usn-424-1nvdThird Party Advisory
- www.ubuntu.com/usn/usn-424-2nvdThird Party Advisory
- www.vupen.com/english/advisories/2007/0546nvdPermissions RequiredThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/32493nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11185nvdThird Party Advisory
- patches.sgi.com/support/free/security/advisories/20070201-01-P.ascnvdBroken Link
- lists.suse.com/archive/suse-security-announce/2007-Mar/0003.htmlnvdBroken Link
- osvdb.org/32766nvdBroken Link
- www.trustix.org/errata/2007/0009/nvdBroken Link
- www.us.debian.org/security/2007/dsa-1264nvdBroken Link
- issues.rpath.com/browse/RPL-1088nvdBroken Link
News mentions
0No linked articles in our index yet.