Unrated severityNVD Advisory· Published Sep 10, 2007· Updated Apr 23, 2026
CVE-2007-4782
CVE-2007-4782
Description
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- www.securityfocus.com/archive/1/478726/100/0/threadednvdExploit
- lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.htmlnvd
- osvdb.org/38686nvd
- secunia.com/advisories/27102nvd
- secunia.com/advisories/28658nvd
- secunia.com/advisories/30828nvd
- secunia.com/advisories/31119nvd
- secunia.com/advisories/31200nvd
- securityreason.com/securityalert/3109nvd
- www.gentoo.org/security/en/glsa/glsa-200710-02.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2008-0505.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0544.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0545.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0582.htmlnvd
- www.securityfocus.com/archive/1/478626/100/0/threadednvd
- www.securityfocus.com/archive/1/478630/100/0/threadednvd
- www.ubuntu.com/usn/usn-628-1nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/36457nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/36461nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10897nvd
- www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.htmlnvd
News mentions
0No linked articles in our index yet.