What is CVE-2007-1286?

CVE-2007-1286 is a vulnerability in N/a. Published 2007-03-06.

Is CVE-2007-1286 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2007-1286

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

EPSS: 0.861 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

2007-0009 (vendor-advisory, x_refsource_TRUSTIX)
ADV-2007-1991 (vdb-entry, x_refsource_VUPEN)
DSA-1283 (vendor-advisory, x_refsource_DEBIAN)
SSRT071423 (x_refsource_HP, vendor-advisory)
24606 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2007:0154 (x_refsource_REDHAT, vendor-advisory)
20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (mailing-list, x_refsource_BUGTRAQ)
GLSA-200705-19 (vendor-advisory, x_refsource_GENTOO)
24941 (x_refsource_SECUNIA, third-party-advisory)
HPSBTU02232 (x_refsource_HP, vendor-advisory)

Frequently asked questions

What is CVE-2007-1286?: CVE-2007-1286 is a vulnerability in N/a. Published 2007-03-06.
Is CVE-2007-1286 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.