CVE-2008-2050

CVSS V2 High 10 CVSS V3 None

Description

Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

Overview

CVE ID
CVE-2008-2050

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2008-05-05T17:20:00

Last Modified Date
2023-02-13T02:19:04

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:php:php::::::::	1	OR	5.2.5
cpe:2.3:a:php:php:5.0.0:beta1::::::	1	OR
cpe:2.3:a:php:php:5.0.0:beta2::::::	1	OR
cpe:2.3:a:php:php:5.0.0:beta3::::::	1	OR
cpe:2.3:a:php:php:5.0.0:beta4::::::	1	OR
cpe:2.3:a:php:php:5.0.0:rc1::::::	1	OR
cpe:2.3:a:php:php:5.0.0:rc2::::::	1	OR
cpe:2.3:a:php:php:5.0.0:rc3::::::	1	OR
cpe:2.3:a:php:php:5.0.1:::::::*	1	OR
cpe:2.3:a:php:php:5.0.2:::::::*	1	OR
cpe:2.3:a:php:php:5.0.3:::::::*	1	OR
cpe:2.3:a:php:php:5.0.4:::::::*	1	OR
cpe:2.3:a:php:php:5.0.5:::::::*	1	OR
cpe:2.3:a:php:php:5.1.0:::::::*	1	OR
cpe:2.3:a:php:php:5.1.1:::::::*	1	OR
cpe:2.3:a:php:php:5.1.2:::::::*	1	OR
cpe:2.3:a:php:php:5.1.3:::::::*	1	OR
cpe:2.3:a:php:php:5.1.4:::::::*	1	OR
cpe:2.3:a:php:php:5.1.5:::::::*	1	OR
cpe:2.3:a:php:php:5.1.6:::::::*	1	OR
cpe:2.3:a:php:php:5.2.0:::::::*	1	OR
cpe:2.3:a:php:php:5.2.1:::::::*	1	OR
cpe:2.3:a:php:php:5.2.2:::::::*	1	OR
cpe:2.3:a:php:php:5.2.3:::::::*	1	OR
cpe:2.3:a:php:php:5.2.4:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
10

Severity
HIGH

Exploitability Score
10

Impact Score
10

References

Reference URL	Reference Tags
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u	Exploit
http://www.php.net/ChangeLog-5.php	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
https://issues.rpath.com/browse/RPL-2503
http://www.securityfocus.com/bid/29009	Patch
http://secunia.com/advisories/30048	Vendor Advisory
http://secunia.com/advisories/30345	Vendor Advisory
http://secunia.com/advisories/30967	Vendor Advisory
http://secunia.com/advisories/31200	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.ubuntu.com/usn/usn-628-1
http://secunia.com/advisories/31326	Vendor Advisory
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://www.debian.org/security/2008/dsa-1572	Patch
http://secunia.com/advisories/30158	Vendor Advisory
http://secunia.com/advisories/30083	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.vupen.com/english/advisories/2008/2268	Vendor Advisory
http://www.vupen.com/english/advisories/2008/1412	Vendor Advisory
http://secunia.com/advisories/32746
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951
https://exchange.xforce.ibmcloud.com/vulnerabilities/42133
http://www.securityfocus.com/archive/1/492535/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2008-2050
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:29:03				Added to TrackCVE
2023-02-02 21:01:58		2023-02-02T19:15:35	CVE Modified Date	updated
2023-02-02 21:01:58	Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.	CVE-2008-2050 php: stack based buffer overflow in FastCGI SAPI	Description	updated
2023-02-13 03:02:29		2023-02-13T02:19:04	CVE Modified Date	updated
2023-02-13 03:02:31	CVE-2008-2050 php: stack based buffer overflow in FastCGI SAPI	Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.	Description	updated