CVE-2008-2107

Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 07 May 2008, 21:00
Last modified: 07 Aug 2024, 08:49

Vulnerability Summary

Overall Risk (default)
medium
41/100
CVSS Score
7.5 HIGH
v2.0 (nvd)
EPSS Score
3.09% LOW
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected

Timeline

07 May 2008, 21:00
Published
Vulnerability first disclosed
07 Aug 2024, 08:49
Last Modified
Vulnerability information updated

Description

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

CVSS Metrics

  • v2.0 | HIGH | Score: 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 3.09% Percentile: 87%

Techniques & Countermeasures

  • CWE-189: Numeric Errors

    Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

  • Unknown | PHP

    ≤ 4.4.7 | 5 | 5.0.0:beta1 | 5.0.0:beta2 | 5.0.0:beta3 | 5.0.0:rc1 | 5.0.0:rc2 | 5.0.0:rc3 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.1.0 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.5 | 5.1.6 | 5.2.0 | 5.2.1 | 5.2.2 | 5.2.3 | 5.2.4

References (32)