Description

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

Remediation

References

CVE-2007-1521

Related Vulnerabilities

WordPress Plugin AJAX Comment Page Cross-Site Scripting (3.25)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8657)

WordPress Plugin Accept Stripe Donation-AidWP Security Bypass (2.8)

Joomla CVE-2021-23128 Vulnerability (CVE-2021-23128)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1835)

Severity

Medium

Classification

CVE-2007-1521

Tags

Missing Update Known Vulnerabilities