CVE-2007-4659

Publication date 4 September 2007

Last updated 24 July 2024

Description

The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php5	7.10 gutsy	Ignored end of life
	7.04 feisty	Ignored end of life
	6.10 edgy	Ignored end of life
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

kees

205-zend_alter_ini_entry-fix.patch seems to break commandline ini config

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-4659