Skip to main content

CVE-2007-1717

Severity Medium
Score 5/10

Summary

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • NONE
  • NONE

References

Advisory Timeline

  • Published