VYPR
Unrated severityNVD Advisory· Published Apr 6, 2007· Updated Jun 16, 2026

CVE-2007-1889

CVE-2007-1889

Description

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.

Affected products

2
  • PHP/PHP2 versions
    cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
    • (no CPE)range: =5.2.0

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.