CVE-2008-1384

Publication date 27 March 2008

Last updated 24 July 2024

Ubuntu priority

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php5	8.04 LTS hardy	Fixed 5.2.4-2ubuntu5.3
	7.10 gutsy	Fixed 5.2.3-1ubuntu6.4
	7.04 feisty	Fixed 5.2.1-0ubuntu1.6
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 5.1.2-1ubuntu3.12

Notes

jdstrand

per Debian, needs a malicious script

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
php5	Vendor: http://www.debian.org/security/2008/dsa-1572

CVE-2008-1384

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references