Total vulnerabilities in the database
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
| Software | From | Fixed in |
|---|---|---|
| php / php | 4.0.0 | 4.4.8 |
| php / php | 5.0.0 | 5.2.4 |
| debian / debian_linux | 3.1 | 3.1.x |
| debian / debian_linux | 4.0 | 4.0.x |
| canonical / ubuntu_linux | 6.06 | 6.06.x |
| canonical / ubuntu_linux | 7.04 | 7.04.x |
| canonical / ubuntu_linux | 7.10 | 7.10.x |
| canonical / ubuntu_linux | 6.10 | 6.10.x |