CVE-2007-1285

Published: 06 March 2007

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

Priority

Unknown

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
Upstream Needs triage

Notes

AuthorNote
kees
crash only, no code execution.  input needs to be validated by application.

References