Vulnerability-Lookup

CVE-2008-2050 (GCVE-0-2008-2050)

Vulnerability from cvelistv5 – Published: 2008-05-05 17:00 – Updated: 2024-08-07 08:49

Summary

Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.vupen.com/english/advisories/2008/1412	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/492535/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/32746	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30083	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://security.gentoo.org/glsa/glsa-200811-05.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/29009	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2008/2268	vdb-entryx_refsource_VUPEN
	http://www.debian.org/security/2008/dsa-1572	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/30345	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-628-1	vendor-advisoryx_refsource_UBUNTU
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/30967	third-party-advisoryx_refsource_SECUNIA
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2008/05/02/2	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/30158	third-party-advisoryx_refsource_SECUNIA
	http://www.php.net/ChangeLog-5.php	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/31200	third-party-advisoryx_refsource_SECUNIA
	http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fa…	x_refsource_CONFIRM
	http://www.slackware.com/security/viewer.php?l=sl…	vendor-advisoryx_refsource_SLACKWARE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/31326	third-party-advisoryx_refsource_SECUNIA
	https://issues.rpath.com/browse/RPL-2503	x_refsource_CONFIRM
	http://secunia.com/advisories/30048	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:57.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-1412",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1412"
          },
          {
            "name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
          },
          {
            "name": "32746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32746"
          },
          {
            "name": "30083",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30083"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "GLSA-200811-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
          },
          {
            "name": "29009",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29009"
          },
          {
            "name": "ADV-2008-2268",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "DSA-1572",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1572"
          },
          {
            "name": "30345",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30345"
          },
          {
            "name": "USN-628-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-628-1"
          },
          {
            "name": "php-fastcgisapi-bo(42133)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
          },
          {
            "name": "30967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
          },
          {
            "name": "[oss-security] 20080502 CVE Request (PHP)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
          },
          {
            "name": "30158",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php"
          },
          {
            "name": "MDVSA-2009:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
          },
          {
            "name": "MDVSA-2009:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
          },
          {
            "name": "31200",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31200"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u"
          },
          {
            "name": "SSA:2008-128-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
          },
          {
            "name": "SUSE-SR:2008:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
          },
          {
            "name": "31326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2503"
          },
          {
            "name": "30048",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30048"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2008-1412",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1412"
        },
        {
          "name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
        },
        {
          "name": "32746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32746"
        },
        {
          "name": "30083",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30083"
        },
        {
          "name": "APPLE-SA-2008-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
        },
        {
          "name": "GLSA-200811-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
        },
        {
          "name": "29009",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29009"
        },
        {
          "name": "ADV-2008-2268",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2268"
        },
        {
          "name": "DSA-1572",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1572"
        },
        {
          "name": "30345",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30345"
        },
        {
          "name": "USN-628-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-628-1"
        },
        {
          "name": "php-fastcgisapi-bo(42133)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
        },
        {
          "name": "30967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
        },
        {
          "name": "[oss-security] 20080502 CVE Request (PHP)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
        },
        {
          "name": "30158",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php"
        },
        {
          "name": "MDVSA-2009:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
        },
        {
          "name": "MDVSA-2009:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
        },
        {
          "name": "31200",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31200"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u"
        },
        {
          "name": "SSA:2008-128-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
        },
        {
          "name": "SUSE-SR:2008:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
        },
        {
          "name": "31326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31326"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2503"
        },
        {
          "name": "30048",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30048"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-2050",
    "datePublished": "2008-05-05T17:00:00.000Z",
    "dateReserved": "2008-05-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:49:57.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-388

Vulnerability from certfr_avis - Published: 2008-08-01 - Updated: 2008-08-01

Plusieurs vulnérabilités permettant entre autres l'exécution de code arbitraire à distance, et concernant le système d'exploitaiton Mac OS X, ont été corrigées.

Description

Plusieurs vulnérabilités concernant Mac OS X ont été corrigées :

Open Scripting Architecture : une mauvaise gestion des droits des plugins permet à un utilisateur malveillant local d'élever ses privilèges.
BIND : une mauvaise gestion de l'aléa et un vulnérabilité protocolaire permettent de corrompre le cache du DNS.
CarbonCore : une vulnérabilité dans les gestion des noms longs de fichier permet l'exécution de code arbitraire.
CoreGraphics : une corruption de mémoire permet l'exécution de code arbitraire, par exemple à l'aide d'un site Web spécifiquement réalisé.
CoreGraphics : un dépassement d'entier lors de la gestion de fichiers au format PDF permet l'exécution de code arbitraire.
Data Detectors Engine : la visualisation d'un message spécifiquement créé permet de provoquer un déni de service de l'application.
Disk Utility : après l'utilisation de l'outil Repair Permissions il est possible d'exécuter des commandes avec les droits sytème à l'aide d'emacs.
OpenLDAP : un message spécifiquement réalisé permet de provoquer un déni de service de l'application.
OpenSSL : une vulnérabilité dans la fonction SSL_get_shared_ciphers() permet de provoquer un déni de service de l'application.
PHP : plusieurs vulnérabilités, dont certaines permettant l'exécution de code arbitraire, ont été corrigées.
QuickLook : un document au format Microsoft Office spécifiquement réalisé permet l'exécution de code arbitraire.
rsync : l'utilisation de liens symboliques permet de modifier des fichiers hors du module.

Solution

Se référer au bulletin de sécurité d'Apple HT2647 du 1 août 2008 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.4.11 ;
N/A	N/A	Mac OS X Server 10.4 ;
N/A	N/A	Mac OS X 10.5.4.
N/A	N/A	Mac OS X Server 10.5 ;

References

Title

Publication Time

GSD-2008-2050

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

Aliases

CVE-2008-2050

Aliases

CVE-2008-2050

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2050",
    "description": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.",
    "id": "GSD-2008-2050",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-2050.html",
      "https://www.debian.org/security/2008/dsa-1572"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2050"
      ],
      "details": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.",
      "id": "GSD-2008-2050",
      "modified": "2023-12-13T01:23:01.257513Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-2050",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.php.net/ChangeLog-5.php",
            "refsource": "MISC",
            "url": "http://www.php.net/ChangeLog-5.php"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
          },
          {
            "name": "http://secunia.com/advisories/30967",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/30967"
          },
          {
            "name": "http://secunia.com/advisories/31200",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/31200"
          },
          {
            "name": "http://secunia.com/advisories/32746",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32746"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200811-05.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-628-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-628-1"
          },
          {
            "name": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u",
            "refsource": "MISC",
            "url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u"
          },
          {
            "name": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "http://secunia.com/advisories/30048",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/30048"
          },
          {
            "name": "http://secunia.com/advisories/30083",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/30083"
          },
          {
            "name": "http://secunia.com/advisories/30158",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/30158"
          },
          {
            "name": "http://secunia.com/advisories/30345",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/30345"
          },
          {
            "name": "http://secunia.com/advisories/31326",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
          },
          {
            "name": "http://www.debian.org/security/2008/dsa-1572",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2008/dsa-1572"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2008/05/02/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/492535/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/29009",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/29009"
          },
          {
            "name": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951",
            "refsource": "MISC",
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/1412",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/1412"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/2268",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-2503",
            "refsource": "MISC",
            "url": "https://issues.rpath.com/browse/RPL-2503"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-2050"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.php.net/ChangeLog-5.php"
            },
            {
              "name": "[oss-security] 20080502 CVE Request (PHP)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2503",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-2503"
            },
            {
              "name": "29009",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/29009"
            },
            {
              "name": "30048",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30048"
            },
            {
              "name": "30345",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30345"
            },
            {
              "name": "30967",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30967"
            },
            {
              "name": "31200",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31200"
            },
            {
              "name": "SUSE-SR:2008:014",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
            },
            {
              "name": "USN-628-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-628-1"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "DSA-1572",
              "refsource": "DEBIAN",
              "tags": [
                "Patch"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1572"
            },
            {
              "name": "30158",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30158"
            },
            {
              "name": "30083",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30083"
            },
            {
              "name": "MDVSA-2009:023",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
            },
            {
              "name": "MDVSA-2009:022",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "ADV-2008-1412",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1412"
            },
            {
              "name": "32746",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32746"
            },
            {
              "name": "GLSA-200811-05",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
            },
            {
              "name": "SSA:2008-128-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
            },
            {
              "name": "php-fastcgisapi-bo(42133)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
            },
            {
              "name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:19Z",
      "publishedDate": "2008-05-05T17:20Z"
    }
  }
}

FKIE_CVE-2008-2050

Vulnerability from fkie_nvd - Published: 2008-05-05 17:20 - Updated: 2025-04-09 00:30

Severity ?

Summary

Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

References

URL	Tags
secalert@redhat.com	http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u	Exploit
secalert@redhat.com	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
secalert@redhat.com	http://secunia.com/advisories/30048	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/30083	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/30158	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/30345	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/30967	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/31200	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/31326	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32746
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200811-05.xml
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1572	Patch
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/05/02/2
secalert@redhat.com	http://www.php.net/ChangeLog-5.php	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/492535/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/29009	Patch
secalert@redhat.com	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951
secalert@redhat.com	http://www.ubuntu.com/usn/usn-628-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1412	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2268	Vendor Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/42133
secalert@redhat.com	https://issues.rpath.com/browse/RPL-2503
af854a3a-2127-422b-91ae-364da2661108	http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30048	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30083	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30158	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30345	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30967	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31200	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31326	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32746
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200811-05.xml
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1572	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/05/02/2
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/ChangeLog-5.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492535/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29009	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-628-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1412	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2268	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42133
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-2503

Impacted products

Vendor	Product	Version
php	php	*
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.1
php	php	5.0.2
php	php	5.0.3
php	php	5.0.4
php	php	5.0.5
php	php	5.1.0
php	php	5.1.1
php	php	5.1.2
php	php	5.1.3
php	php	5.1.4
php	php	5.1.5
php	php	5.1.6
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18255FF5-3F40-483F-85DC-21D9B6B4FE07",
              "versionEndIncluding": "5.2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el FastCGI SAPI (fastcgi.c) en PHP en versiones anteriores a 5.2.6 tiene impacto y vectores de ataque desconocidos."
    }
  ],
  "id": "CVE-2008-2050",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-05-05T17:20:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30048"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30083"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30158"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30345"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30967"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31200"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32746"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1572"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29009"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-628-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1412"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-2503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-628-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2503"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue does not affect the version of PHP shipped in Red Hat Enterprise Linux 2.1, 3, or 4.\n\nWe do not consider this issue to be a security flaw for Red Hat Enterprise Linux 5 since no trust boundary is crossed.  More information can be found here:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2050",
      "lastModified": "2008-05-22T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-W79F-6V3G-V46X

Vulnerability from github – Published: 2022-05-01 23:46 – Updated: 2022-05-01 23:46

Details

Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2050"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-05T17:20:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.",
  "id": "GHSA-w79f-6v3g-v46x",
  "modified": "2022-05-01T23:46:09Z",
  "published": "2022-05-01T23:46:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2050"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2008-2050"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=445002"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-2503"
    },
    {
      "type": "WEB",
      "url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44\u0026r2=1.45\u0026diff_format=u"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30048"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30083"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30158"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30345"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30967"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31200"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32746"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1572"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29009"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-628-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1412"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2050 (GCVE-0-2008-2050)

CERTA-2008-AVI-388

Description

Solution

GSD-2008-2050

FKIE_CVE-2008-2050

GHSA-W79F-6V3G-V46X

Tags

Sightings

Nomenclature