CVE-2008-1384 : Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly h

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).

Published 2008-03-27 17:44:00

Updated 2018-10-11 20:33:07

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Threat overview for CVE-2008-1384

Top countries where our scanners detected CVE-2008-1384

Top open port discovered on systems with this issue 80

IPs affected by CVE-2008-1384 10,010

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2008-1384!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2008-1384

Probability of exploitation activity in the next 30 days: 1.62%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-1384

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2008-1384

CWE-189

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-1384

Red Hat 2008-03-28

Red Hat do not consider this to be a security vulnerability: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1384

References for CVE-2008-1384

http://www.securityfocus.com/bid/28392
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178

CVEs referencing this url
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

CVEs referencing this url
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup
http://securityreason.com/achievement_securityalert/52

Exploit
http://security.gentoo.org/glsa/glsa-200811-05.xml

PHP: Multiple vulnerabilities (GLSA 200811-05) — Gentoo security

CVEs referencing this url
https://issues.rpath.com/browse/RPL-2503

CVEs referencing this url
http://www.securityfocus.com/archive/1/489962/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

[security-announce] SUSE Security Summary Report SUSE-SR:2008:014 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/41386
http://www.debian.org/security/2008/dsa-1572

CVEs referencing this url
http://www.securityfocus.com/archive/1/492535/100/0/threaded

CVEs referencing this url
http://www.securityfocus.com/archive/1/492671/100/0/threaded

CVEs referencing this url
http://www.ubuntu.com/usn/usn-628-1

USN-628-1: PHP vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

CVEs referencing this url

Products affected by CVE-2008-1384

PHP » PHP
Versions up to, including, (<=) 5.2.5
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Matching versions