CVE-2002-1396 - OpenCVE

Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php

Configuration 1 [-]

OR	cpe:2.3:a:php:php:4.1.2:::::::*
	cpe:2.3:a:php:php:4.2.0:::::::*
	cpe:2.3:a:php:php:4.2.1:::::::*
	cpe:2.3:a:php:php:4.2.2:::::::*
	cpe:2.3:a:php:php:4.2.3:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html
http://bugs.php.net/bug.php?id=20927	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=104102689503192&w=2
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019
http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html
http://www.redhat.com/support/errata/RHSA-2003-017.html
http://www.securityfocus.com/advisories/4862
http://www.securityfocus.com/bid/6488	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/10944

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2008-02-07T00:00:00

Reserved: 2003-01-07T00:00:00

Link: CVE-2002-1396

JSON object: View

NVD Information

Status : Modified

Published: 2003-01-17T05:00:00.000

Modified: 2018-05-03T01:29:18.460

Link: CVE-2002-1396

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-02-07T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "php-wordwrap-bo(10944)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10944"}, {"name": "MDKSA-2003:019", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019"}, {"name": "6488", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6488"}, {"name": "RHSA-2003:017", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-017.html"}, {"name": "ESA-20030219-003", "tags": ["vendor-advisory", "x_refsource_ENGARDE"], "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html"}, {"name": "20021227 Buffer overflow in PHP \"wordwrap\" function", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104102689503192&w=2"}, {"name": "200301-8", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.securityfocus.com/advisories/4862"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.php.net/bug.php?id=20927"}, {"name": "SuSE-SA:2003:0009", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1396", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "php-wordwrap-bo(10944)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10944"}, {"name": "MDKSA-2003:019", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019"}, {"name": "6488", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6488"}, {"name": "RHSA-2003:017", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-017.html"}, {"name": "ESA-20030219-003", "refsource": "ENGARDE", "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html"}, {"name": "20021227 Buffer overflow in PHP \"wordwrap\" function", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104102689503192&w=2"}, {"name": "200301-8", "refsource": "GENTOO", "url": "http://www.securityfocus.com/advisories/4862"}, {"name": "http://bugs.php.net/bug.php?id=20927", "refsource": "CONFIRM", "url": "http://bugs.php.net/bug.php?id=20927"}, {"name": "SuSE-SA:2003:0009", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1396", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-01-07T00:00:00", "dateUpdated": "2008-02-07T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en la pila en la funci\u00f3n wordwrap en PHP posteriores a 4.1.2 y anteriores a 4.3.0 puede permitir a atacantes causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2002-1396", "lastModified": "2018-05-03T01:29:18.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-01-17T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://bugs.php.net/bug.php?id=20927"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104102689503192&w=2"}, {"source": "cve@mitre.org", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-017.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/advisories/4862"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/6488"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10944"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}