CVE Vulnerabilities

CVE-2007-1521

Published: Mar 20, 2007 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

Affected Software 

Name Vendor Start Version End Version
Php Php * 5.2.1 (including)
Php5 Ubuntu dapper *
Php5 Ubuntu devel *
Php5 Ubuntu edgy *
Php5 Ubuntu feisty *

References