Unrated severityNVD Advisory· Published Sep 4, 2007· Updated Apr 23, 2026
CVE-2007-3998
CVE-2007-3998
Description
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
Affected products
7cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
35- lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2007-0889.htmlnvdThird Party Advisory
- secunia.com/advisories/26642nvdThird Party Advisory
- secunia.com/advisories/26822nvdThird Party Advisory
- secunia.com/advisories/26838nvdThird Party Advisory
- secunia.com/advisories/26871nvdThird Party Advisory
- secunia.com/advisories/26895nvdThird Party Advisory
- secunia.com/advisories/26930nvdThird Party Advisory
- secunia.com/advisories/26967nvdThird Party Advisory
- secunia.com/advisories/27102nvdThird Party Advisory
- secunia.com/advisories/27377nvdThird Party Advisory
- secunia.com/advisories/27545nvdThird Party Advisory
- secunia.com/advisories/27864nvdThird Party Advisory
- secunia.com/advisories/28249nvdThird Party Advisory
- secunia.com/advisories/28658nvdThird Party Advisory
- secunia.com/advisories/30288nvdThird Party Advisory
- secweb.se/en/advisories/php-wordwrap-vulnerability/nvdThird Party Advisory
- support.avaya.com/elmodocs2/security/ASA-2007-449.htmnvdThird Party Advisory
- www.debian.org/security/2008/dsa-1444nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1578nvdThird Party Advisory
- www.gentoo.org/security/en/glsa/glsa-200710-02.xmlnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.php.net/ChangeLog-5.phpnvdVendor Advisory
- www.php.net/releases/5_2_4.phpnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0890.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2007-0891.htmlnvdThird Party Advisory
- www.ubuntu.com/usn/usn-549-2nvdThird Party Advisory
- www.vupen.com/english/advisories/2007/3023nvdPermissions RequiredThird Party Advisory
- launchpad.net/bugs/173043nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10603nvdThird Party Advisory
- usn.ubuntu.com/549-1/nvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.htmlnvdThird Party Advisory
- www.trustix.org/errata/2007/0026/nvdBroken Link
- issues.rpath.com/browse/RPL-1693nvdBroken Link
- issues.rpath.com/browse/RPL-1702nvdBroken Link
News mentions
0No linked articles in our index yet.