The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-1264-1 | New php4 packages fix several vulnerabilities |
![]() |
EUVD-2007-0982 | The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. |
![]() |
USN-424-1 | PHP vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-07T12:43:22.216Z
Reserved: 2007-02-16T00:00:00
Link: CVE-2007-0988

No data.

Status : Deferred
Published: 2007-02-20T17:28:00.000
Modified: 2025-04-09T00:30:58.490
Link: CVE-2007-0988


No data.