CVE-2007-3806

N/A Unknown

Published: July 17, 2007 Modified: April 23, 2026

Description

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167

Source: cve@mitre.org

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log

Source: cve@mitre.org

http://osvdb.org/36085

Source: cve@mitre.org

http://secunia.com/advisories/26085

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26642

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27102

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30158

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30288

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2008/dsa-1572

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1578

Source: cve@mitre.org

http://www.exploit-db.com/exploits/4181

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

Source: cve@mitre.org

http://www.php.net/ChangeLog-5.php#5.2.4

Source: cve@mitre.org

http://www.php.net/releases/5_2_4.php

Source: cve@mitre.org

http://www.securityfocus.com/bid/24922

Source: cve@mitre.org

http://www.securityfocus.com/bid/25498

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2547

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/35437

Source: cve@mitre.org

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167

Source: af854a3a-2127-422b-91ae-364da2661108

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36085

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26085

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/26642

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27102

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/30158

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/30288

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2008/dsa-1572

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1578

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/4181

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.php.net/ChangeLog-5.php#5.2.4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.php.net/releases/5_2_4.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24922

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25498

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/2547

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/35437

Source: af854a3a-2127-422b-91ae-364da2661108

36 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

5.2%

90th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-20 CWE-399

Affected Vendors

php

Related CVEs

CVE-2021-47981 5.4

CVE-2021-47980 7.1

CVE-2021-47979 8.8

CVE-2021-47978 6.2

CVE-2021-47977 7.5