VDB
CVE-2008-1384
CVE-2008-1384
PUBLISHED
CVSS 5 MEDIUM
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).
EPSS 2.69% · 86.2th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
2.69%
86.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| php | php | 0 |
Exploit Intelligence
- 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (circl)
- SUSE-SR:2008:014 (circl)
- 20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow (circl)
- 32746 (circl)
- GLSA-200811-05 (circl)
- http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup (circl)
- DSA-1572 (circl)
- 30345 (circl)
- USN-628-1 (circl)
- 30967 (circl)
…and 16 more exploits
Timeline
- Mar 27, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl mailing-list
- 20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow mailing-list
- 32746 third-party-advisory
- GLSA-200811-05 vendor-advisory
- http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup url
- DSA-1572 vendor-advisory
- 30345 third-party-advisory
- USN-628-1 vendor-advisory
- 30967 third-party-advisory
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176 url
- php-phpsprintfappendstring-overflow(41386) vdb
- 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql mailing-list
- 30411 third-party-advisory
- 30158 third-party-advisory
- MDVSA-2009:023 vendor-advisory
- MDVSA-2009:022 vendor-advisory
- 28392 vdb
- 31200 third-party-advisory
- SUSE-SR:2008:014 vendor-advisory
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178 url
…and 3 more