JVN/CVE Demo: Cveinfos

CVE

Id: 33776
CVE No.: CVE-2008-3659
Status: Candidate
Description: Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
Phase: Assigned (20080812)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
368306	33776	CVE-2008-3659	BUGTRAQ:20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl	View
368307	33776	CVE-2008-3659	URL:http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded	View
368308	33776	CVE-2008-3659	CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=234102	View
368309	33776	CVE-2008-3659	CONFIRM:http://news.php.net/php.cvs/52002	View
368310	33776	CVE-2008-3659	CONFIRM:http://www.php.net/archive/2008.php#id2008-08-07-1	View
368311	33776	CVE-2008-3659	MLIST:[oss-security] 20080808 CVE request: php-5.2.6 overflow issues	View
368312	33776	CVE-2008-3659	URL:http://www.openwall.com/lists/oss-security/2008/08/08/2	View
368313	33776	CVE-2008-3659	MLIST:[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues	View
368314	33776	CVE-2008-3659	URL:http://www.openwall.com/lists/oss-security/2008/08/08/3	View
368315	33776	CVE-2008-3659	MLIST:[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues	View
368316	33776	CVE-2008-3659	URL:http://www.openwall.com/lists/oss-security/2008/08/08/4	View
368317	33776	CVE-2008-3659	MLIST:[oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues	View
368318	33776	CVE-2008-3659	URL:http://www.openwall.com/lists/oss-security/2008/08/13/8	View
368319	33776	CVE-2008-3659	CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0035	View
368320	33776	CVE-2008-3659	CONFIRM:http://support.apple.com/kb/HT3549	View
368321	33776	CVE-2008-3659	APPLE:APPLE-SA-2009-05-12	View
368322	33776	CVE-2008-3659	URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	View
368323	33776	CVE-2008-3659	DEBIAN:DSA-1647	View
368324	33776	CVE-2008-3659	URL:http://www.debian.org/security/2008/dsa-1647	View
368325	33776	CVE-2008-3659	GENTOO:GLSA-200811-05	View
368326	33776	CVE-2008-3659	URL:http://security.gentoo.org/glsa/glsa-200811-05.xml	View
368327	33776	CVE-2008-3659	HP:HPSBUX02431	View
368328	33776	CVE-2008-3659	URL:http://marc.info/?l=bugtraq&m=124654546101607&w=2	View
368329	33776	CVE-2008-3659	HP:SSRT090085	View
368330	33776	CVE-2008-3659	URL:http://marc.info/?l=bugtraq&m=124654546101607&w=2	View
368331	33776	CVE-2008-3659	HP:HPSBUX02465	View
368332	33776	CVE-2008-3659	URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2	View
368333	33776	CVE-2008-3659	HP:SSRT090192	View
368334	33776	CVE-2008-3659	URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2	View
368335	33776	CVE-2008-3659	MANDRIVA:MDVSA-2009:021	View
368336	33776	CVE-2008-3659	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:021	View
368337	33776	CVE-2008-3659	MANDRIVA:MDVSA-2009:022	View
368338	33776	CVE-2008-3659	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:022	View
368339	33776	CVE-2008-3659	MANDRIVA:MDVSA-2009:023	View
368340	33776	CVE-2008-3659	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:023	View
368341	33776	CVE-2008-3659	MANDRIVA:MDVSA-2009:024	View
368342	33776	CVE-2008-3659	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:024	View
368343	33776	CVE-2008-3659	SUSE:SUSE-SR:2008:018	View
368344	33776	CVE-2008-3659	URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html	View
368345	33776	CVE-2008-3659	SUSE:SUSE-SR:2008:021	View
368346	33776	CVE-2008-3659	URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html	View
368347	33776	CVE-2008-3659	CERT:TA09-133A	View
368348	33776	CVE-2008-3659	URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html	View
368349	33776	CVE-2008-3659	OSVDB:47483	View
368350	33776	CVE-2008-3659	URL:http://osvdb.org/47483	View
368351	33776	CVE-2008-3659	SECTRACK:1020995	View
368352	33776	CVE-2008-3659	URL:http://www.securitytracker.com/id?1020995	View
368353	33776	CVE-2008-3659	SECUNIA:32148	View
368354	33776	CVE-2008-3659	URL:http://secunia.com/advisories/32148	View
368355	33776	CVE-2008-3659	SECUNIA:32316	View
368356	33776	CVE-2008-3659	URL:http://secunia.com/advisories/32316	View
368357	33776	CVE-2008-3659	SECUNIA:31982	View
368358	33776	CVE-2008-3659	URL:http://secunia.com/advisories/31982	View
368359	33776	CVE-2008-3659	SECUNIA:35074	View
368360	33776	CVE-2008-3659	URL:http://secunia.com/advisories/35074	View
368361	33776	CVE-2008-3659	SECUNIA:35650	View
368362	33776	CVE-2008-3659	URL:http://secunia.com/advisories/35650	View
368363	33776	CVE-2008-3659	SECUNIA:32746	View
368364	33776	CVE-2008-3659	URL:http://secunia.com/advisories/32746	View
368365	33776	CVE-2008-3659	VUPEN:ADV-2008-2336	View
368366	33776	CVE-2008-3659	URL:http://www.vupen.com/english/advisories/2008/2336	View
368367	33776	CVE-2008-3659	VUPEN:ADV-2009-1297	View
368368	33776	CVE-2008-3659	URL:http://www.vupen.com/english/advisories/2009/1297	View
368369	33776	CVE-2008-3659	XF:php-memnstr-bo(44405)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
46958	JVNDB-2008-002268	SquirrelMail におけるクッキーを取得される脆弱性	SquirrelMail には、https セッション内のセッションクッキーに対する secure フラグがセットされないため、クッキーを取得されやすくなる脆弱性が存在します。	CVE-2008-3663	33776	5		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002268.html	View

Message	Memory use
Component initialization	1.41 MB
Controller action start	1.52 MB
Controller render start	2.39 MB
View render complete	2.90 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	44.20
Event: Controller.initialize	0.03
Event: Controller.startup	0.41
Controller action	426.17
Event: Controller.beforeRender	5.99
» Processing toolbar data	5.90
Rendering View	27.53
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	25.27
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	1.33
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.39
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/33776
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/33776
Remote Port	52526
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.211
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.2.235.78
Http Via	1.1 squid-proxy-5b5d847c96-qsdzj (squid/6.13)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.211
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.211
Unique Id	aS--wCTCuuX6r8pkFtj-9wAAAL0
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.211
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.211
Redirect Unique Id	aS--wCTCuuX6r8pkFtj-9wAAAL0
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.211
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.211
Redirect Redirect Unique Id	aS--wCTCuuX6r8pkFtj-9wAAAL0
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1764736705.8942
Request Time	1764736705

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files