Unrated severityNVD Advisory· Published Nov 20, 2007· Updated Apr 23, 2026

CVE-2007-6039

Description

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: <=5.2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securityreason.com/securityalert/3365nvd
securityreason.com/securityalert/3366nvd
www.securityfocus.com/archive/1/483644/100/0/threadednvd
www.securityfocus.com/archive/1/483648/100/0/threadednvd
www.securityfocus.com/bid/26426nvd
www.securityfocus.com/bid/26428nvd
exchange.xforce.ibmcloud.com/vulnerabilities/38442nvd
exchange.xforce.ibmcloud.com/vulnerabilities/38443nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000