CVE-2007-1380

N/A Unknown

Published: March 10, 2007 Modified: April 23, 2026

Description

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506

Source: cve@mitre.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137

Source: cve@mitre.org

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html

Source: cve@mitre.org

http://secunia.com/advisories/24514

Source: cve@mitre.org

http://secunia.com/advisories/24606

Source: cve@mitre.org

http://secunia.com/advisories/25025

Source: cve@mitre.org

http://secunia.com/advisories/25056

Source: cve@mitre.org

http://secunia.com/advisories/25057

Source: cve@mitre.org

http://secunia.com/advisories/25062

Source: cve@mitre.org

http://secunia.com/advisories/25423

Source: cve@mitre.org

http://secunia.com/advisories/25850

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200703-21.xml

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1282

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1283

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2007_32_php.html

Source: cve@mitre.org

http://www.php-security.org/MOPB/MOPB-10-2007.html

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/22805

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-455-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/1991

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2374

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3413

Source: cve@mitre.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506

Source: af854a3a-2127-422b-91ae-364da2661108

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24514

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24606

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25025

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25056

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25057

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25062

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25423

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25850

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200703-21.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2007/dsa-1282

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2007/dsa-1283

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2007_32_php.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.php-security.org/MOPB/MOPB-10-2007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/22805

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-455-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/1991

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/2374

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/3413

Source: af854a3a-2127-422b-91ae-364da2661108

44 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

14.2%

94th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

php