CVE-2007-4783 — Vulnetix

CVE-2007-4783 PUBLISHED

Reported by mitre · Published September 10, 2007

The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a, n/a

Timeline

Sep 10, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Oct 30, 2023 EPSS Score

References

3115 third-party-advisoryx_refsource_SREASON
x_refsource_CONFIRM
GLSA-200710-02 vendor-advisoryx_refsource_GENTOO
20070905 PHP <=5.2.4 iconv_substr() denial of service mailing-listx_refsource_BUGTRAQ
30040 third-party-advisoryx_refsource_SECUNIA
27659 third-party-advisoryx_refsource_SECUNIA
SSRT080056 vendor-advisoryx_refsource_HP
x_refsource_CONFIRM
27102 third-party-advisoryx_refsource_SECUNIA
38917 vdb-entryx_refsource_OSVDB

Open in Interactive Console →