Description

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.

Remediation

References

CVE-2007-1888

Related Vulnerabilities

WordPress Plugin Unite Gallery Lite Multiple Vulnerabilities (1.4.6)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-3141)

PHP Use of Uninitialized Resource Vulnerability (CVE-2015-8390)

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-28347)

WordPress Plugin Complianz-GDPR/CCPA Cookie Consent Cross-Site Scripting (6.4.1)

Severity

High

Classification

CVE-2007-1888

Tags

Missing Update Known Vulnerabilities