CVE-2007-3294 - OpenCVE

Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/36853
http://secunia.com/advisories/25735	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34931
https://www.exploit-db.com/exploits/4080

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-20T21:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2007-06-20T00:00:00

Link: CVE-2007-3294

JSON object: View

NVD Information

Status : Modified

Published: 2007-06-20T21:30:00.000

Modified: 2017-10-11T01:32:44.613

Link: CVE-2007-3294

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-19T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25735", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25735"}, {"name": "36853", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36853"}, {"name": "php-tidy-parsestring-bo(34931)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34931"}, {"name": "4080", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4080"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3294", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25735", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25735"}, {"name": "36853", "refsource": "OSVDB", "url": "http://osvdb.org/36853"}, {"name": "php-tidy-parsestring-bo(34931)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34931"}, {"name": "4080", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4080"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3294", "datePublished": "2007-06-20T21:00:00", "dateReserved": "2007-06-20T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en libtidy, como es usado en la extensi\u00f3n Tidy para PHP versi\u00f3n 5.2.3 y posiblemente otros productos, permiten a atacantes dependiendo del contexto ejecutar c\u00f3digo arbitrario por medio de (1) un segundo argumento largo en la funci\u00f3n tidy_parse_string o (2) un vector no especificado en la funci\u00f3n tidy_repair_string. NOTA: esto solo puede ser un problema en entornos donde vsnprintf se implementa como un contenedor para vsprintf."}], "id": "CVE-2007-3294", "lastModified": "2017-10-11T01:32:44.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-20T21:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36853"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25735"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34931"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4080"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. PHP is not complied with the tidy library as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack v1 or v2.", "lastModified": "2007-09-28T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}