CVE-2007-1380

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	4.0 (including)	4.0 (including)
Php	Php	4.0-beta_4_patch1 (including)	4.0-beta_4_patch1 (including)
Php	Php	4.0-beta1 (including)	4.0-beta1 (including)
Php	Php	4.0-beta2 (including)	4.0-beta2 (including)
Php	Php	4.0-beta3 (including)	4.0-beta3 (including)
Php	Php	4.0-beta4 (including)	4.0-beta4 (including)
Php	Php	4.0-rc1 (including)	4.0-rc1 (including)
Php	Php	4.0-rc2 (including)	4.0-rc2 (including)
Php	Php	4.0.0 (including)	4.0.0 (including)
Php	Php	4.0.1 (including)	4.0.1 (including)
Php	Php	4.0.1-patch1 (including)	4.0.1-patch1 (including)
Php	Php	4.0.1-patch2 (including)	4.0.1-patch2 (including)
Php	Php	4.0.2 (including)	4.0.2 (including)
Php	Php	4.0.3 (including)	4.0.3 (including)
Php	Php	4.0.3-patch1 (including)	4.0.3-patch1 (including)
Php	Php	4.0.4 (including)	4.0.4 (including)
Php	Php	4.0.4-patch1 (including)	4.0.4-patch1 (including)
Php	Php	4.0.5 (including)	4.0.5 (including)
Php	Php	4.0.6 (including)	4.0.6 (including)
Php	Php	4.0.7 (including)	4.0.7 (including)
Php	Php	4.0.7-rc1 (including)	4.0.7-rc1 (including)
Php	Php	4.0.7-rc2 (including)	4.0.7-rc2 (including)
Php	Php	4.0.7-rc3 (including)	4.0.7-rc3 (including)
Php	Php	4.1.0 (including)	4.1.0 (including)
Php	Php	4.1.1 (including)	4.1.1 (including)
Php	Php	4.1.2 (including)	4.1.2 (including)
Php	Php	4.2 (including)	4.2 (including)
Php	Php	4.2.0 (including)	4.2.0 (including)
Php	Php	4.2.1 (including)	4.2.1 (including)
Php	Php	4.2.2 (including)	4.2.2 (including)
Php	Php	4.2.3 (including)	4.2.3 (including)
Php	Php	4.3.0 (including)	4.3.0 (including)
Php	Php	4.3.1 (including)	4.3.1 (including)
Php	Php	4.3.2 (including)	4.3.2 (including)
Php	Php	4.3.3 (including)	4.3.3 (including)
Php	Php	4.3.4 (including)	4.3.4 (including)
Php	Php	4.3.5 (including)	4.3.5 (including)
Php	Php	4.3.6 (including)	4.3.6 (including)
Php	Php	4.3.7 (including)	4.3.7 (including)
Php	Php	4.3.8 (including)	4.3.8 (including)
Php	Php	4.3.9 (including)	4.3.9 (including)
Php	Php	4.3.10 (including)	4.3.10 (including)
Php	Php	4.3.11 (including)	4.3.11 (including)
Php	Php	4.4.0 (including)	4.4.0 (including)
Php	Php	4.4.1 (including)	4.4.1 (including)
Php	Php	4.4.2 (including)	4.4.2 (including)
Php	Php	4.4.3 (including)	4.4.3 (including)
Php	Php	4.4.4 (including)	4.4.4 (including)
Php	Php	5.0-rc1 (including)	5.0-rc1 (including)
Php	Php	5.0-rc2 (including)	5.0-rc2 (including)
Php	Php	5.0-rc3 (including)	5.0-rc3 (including)
Php	Php	5.0.0 (including)	5.0.0 (including)
Php	Php	5.0.0-beta1 (including)	5.0.0-beta1 (including)
Php	Php	5.0.0-beta2 (including)	5.0.0-beta2 (including)
Php	Php	5.0.0-beta3 (including)	5.0.0-beta3 (including)
Php	Php	5.0.0-beta4 (including)	5.0.0-beta4 (including)
Php	Php	5.0.0-rc1 (including)	5.0.0-rc1 (including)
Php	Php	5.0.0-rc2 (including)	5.0.0-rc2 (including)
Php	Php	5.0.0-rc3 (including)	5.0.0-rc3 (including)
Php	Php	5.0.1 (including)	5.0.1 (including)
Php	Php	5.0.2 (including)	5.0.2 (including)
Php	Php	5.0.3 (including)	5.0.3 (including)
Php	Php	5.0.4 (including)	5.0.4 (including)
Php	Php	5.0.5 (including)	5.0.5 (including)
Php	Php	5.1.0 (including)	5.1.0 (including)
Php	Php	5.1.1 (including)	5.1.1 (including)
Php	Php	5.1.2 (including)	5.1.2 (including)
Php	Php	5.1.3 (including)	5.1.3 (including)
Php	Php	5.1.4 (including)	5.1.4 (including)
Php	Php	5.1.5 (including)	5.1.5 (including)
Php	Php	5.1.6 (including)	5.1.6 (including)
Php	Php	5.2.0 (including)	5.2.0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1380
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References