阿里云漏洞库

CVE编号

CVE-2008-1384

利用情况

暂无

补丁情况

官方补丁

披露时间

2008-03-28

在PHP5.2.5和更早的时候，整数溢出允许依赖于上下文的攻击者导致拒绝服务，并且可能通过具有大宽度说明符的printf格式参数产生未指定的其他影响，这与格式化_print.c中的php_sprintf_appendstring函数以及格式化字符串的其他函数（也就是aka*printf函数）有关。

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://secunia.com/advisories/30158
http://secunia.com/advisories/30345
http://secunia.com/advisories/30411
http://secunia.com/advisories/30967
http://secunia.com/advisories/31200
http://secunia.com/advisories/32746
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://securityreason.com/achievement_securityalert/52
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
http://www.debian.org/security/2008/dsa-1572
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.securityfocus.com/archive/1/489962/100/0/threaded
http://www.securityfocus.com/archive/1/492535/100/0/threaded
http://www.securityfocus.com/archive/1/492671/100/0/threaded
http://www.securityfocus.com/bid/28392
http://www.ubuntu.com/usn/usn-628-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/41386
https://issues.rpath.com/browse/RPL-2503

CWE-ID	漏洞类型
CWE-189	数值错误