|
|
CVE Reference: CVE-2007-1888 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1888 |
|
|
Description: Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API. |
|
|
CVE Status: Candidate |
|
|
References: VIM http://www.attrition.org/pipermail/vim/2007-April/001540.html UBUNTU http://www.ubuntu.com/usn/usn-455-1 SAID Secunia Advisory: SA25057 OSVDB 39177 MISC http://www.sqlite.org/cvstrac/rlog?f=sqlite/src/encode.c http://www.php-security.org/MOPB/MOPB-41-2007.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:091 |
|
| Return to the previous page. |
