CVE-2007-1522: Double Free
First published: Tue Mar 20 2007(Updated: )
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | =5.2.0 | |
| PHP | =5.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-1522?
CVE-2007-1522 has a severity rating that indicates a potential for arbitrary code execution.
How do I fix CVE-2007-1522?
To fix CVE-2007-1522, you should upgrade to a version of PHP later than 5.2.1.
Which versions of PHP are affected by CVE-2007-1522?
CVE-2007-1522 affects PHP versions 5.2.0 and 5.2.1.
What kind of vulnerability is CVE-2007-1522?
CVE-2007-1522 is classified as a double free vulnerability.
Who can exploit CVE-2007-1522?
CVE-2007-1522 can be exploited by context-dependent attackers.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/php
- canonical/php
- version/php/5.2.0
- version/php/5.2.1