CVE-2007-1521 - Vulnerability Details - OpenCVE

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/24505
http://secunia.com/advisories/25025
http://secunia.com/advisories/25056
http://secunia.com/advisories/25057
http://secunia.com/advisories/25062
http://secunia.com/advisories/25445
http://secunia.com/advisories/26235
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.debian.org/security/2007/dsa-1282
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-22-2007.html
http://www.securityfocus.com/bid/22968
http://www.securityfocus.com/bid/25159
http://www.ubuntu.com/usn/usn-455-1
http://www.vupen.com/english/advisories/2007/0960
http://www.vupen.com/english/advisories/2007/2732

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-20T20:00:00

Updated: 2024-08-07T12:59:08.391Z

Reserved: 2007-03-20T00:00:00

Link: CVE-2007-1521

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-20T20:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1521

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-03-31T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-0960", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0960"}, {"name": "ADV-2007-2732", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2732"}, {"name": "25056", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25056"}, {"name": "DSA-1283", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "24505", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24505"}, {"name": "APPLE-SA-2007-07-31", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"}, {"name": "GLSA-200705-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://us2.php.net/releases/4_4_7.php"}, {"name": "25062", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25062"}, {"name": "USN-455-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"name": "DSA-1282", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1282"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://us2.php.net/releases/5_2_2.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=306172"}, {"tags": ["x_refsource_MISC"], "url": "http://www.php-security.org/MOPB/MOPB-22-2007.html"}, {"name": "25159", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25159"}, {"name": "25445", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25445"}, {"name": "25057", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25057"}, {"name": "SUSE-SA:2007:032", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"name": "25025", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25025"}, {"name": "22968", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22968"}, {"name": "26235", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26235"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1521", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-0960", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0960"}, {"name": "ADV-2007-2732", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2732"}, {"name": "25056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25056"}, {"name": "DSA-1283", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "24505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24505"}, {"name": "APPLE-SA-2007-07-31", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"}, {"name": "GLSA-200705-19", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"}, {"name": "http://us2.php.net/releases/4_4_7.php", "refsource": "CONFIRM", "url": "http://us2.php.net/releases/4_4_7.php"}, {"name": "25062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25062"}, {"name": "USN-455-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"name": "DSA-1282", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1282"}, {"name": "http://us2.php.net/releases/5_2_2.php", "refsource": "CONFIRM", "url": "http://us2.php.net/releases/5_2_2.php"}, {"name": "http://docs.info.apple.com/article.html?artnum=306172", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306172"}, {"name": "http://www.php-security.org/MOPB/MOPB-22-2007.html", "refsource": "MISC", "url": "http://www.php-security.org/MOPB/MOPB-22-2007.html"}, {"name": "25159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25159"}, {"name": "25445", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25445"}, {"name": "25057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25057"}, {"name": "SUSE-SA:2007:032", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"name": "25025", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25025"}, {"name": "22968", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22968"}, {"name": "26235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26235"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:59:08.391Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-0960", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0960"}, {"name": "ADV-2007-2732", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2732"}, {"name": "25056", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25056"}, {"name": "DSA-1283", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "24505", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24505"}, {"name": "APPLE-SA-2007-07-31", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"}, {"name": "GLSA-200705-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://us2.php.net/releases/4_4_7.php"}, {"name": "25062", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25062"}, {"name": "USN-455-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"name": "DSA-1282", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1282"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://us2.php.net/releases/5_2_2.php"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=306172"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.php-security.org/MOPB/MOPB-22-2007.html"}, {"name": "25159", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25159"}, {"name": "25445", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25445"}, {"name": "25057", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25057"}, {"name": "SUSE-SA:2007:032", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"name": "25025", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25025"}, {"name": "22968", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22968"}, {"name": "26235", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26235"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1521", "datePublished": "2007-03-20T20:00:00", "dateReserved": "2007-03-20T00:00:00", "dateUpdated": "2024-08-07T12:59:08.391Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12690-B08D-4AB2-8092-013DE1A33C4C", "versionEndIncluding": "5.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation."}, {"lang": "es", "value": "Una vulnerabilidad de doble liberaci\u00f3n en PHP versiones anteriores a 4.4.7, y versiones 5.x anteriores a 5.2.2, permite a atacantes dependiendo del contexto ejecutar c\u00f3digo arbitrario mediante la interrupci\u00f3n de la funci\u00f3n session_regenerate_id, como es demostrado mediante la llamada de un manejador de errores de espacio de usuario o desencadenando una violaci\u00f3n de l\u00edmite de memoria."}], "id": "CVE-2007-1521", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-20T20:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306172"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24505"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25025"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25056"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25057"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25062"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25445"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26235"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"}, {"source": "cve@mitre.org", "url": "http://us2.php.net/releases/4_4_7.php"}, {"source": "cve@mitre.org", "url": "http://us2.php.net/releases/5_2_2.php"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1282"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.php-security.org/MOPB/MOPB-22-2007.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22968"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25159"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0960"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=306172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24505"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25057"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25062"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25445"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://us2.php.net/releases/4_4_7.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://us2.php.net/releases/5_2_2.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.php-security.org/MOPB/MOPB-22-2007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22968"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25159"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0960"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2732"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "The PHP interpreter does not offer a reliable "sandboxed" security\nlayer (as found in, say, a JVM) in which untrusted scripts can be run;\nany script run by the PHP interpreter must be trusted with the\nprivileges of the interpreter itself. We therefore do not classify\nthis issue as security-sensitive since no trust boundary is crossed.\n", "lastModified": "2007-04-16T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}