CVE-2008-5557

Exp

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.

Published: 2008-12-23 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2008-5557 is rated High Exploit Risk (82.8/100): CVSS Critical severity, with high exploitation likelihood (EPSS 7.37%, 94th percentile). 2 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2008-5557

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2008-5557

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 29.70% 7.37% -22.33%
2 2025-12-28 23.18% 29.70% +6.52%
3 2025-12-27 23.18%

Full EPSS history (14 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-5557

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2008-5557

OS Trackers for CVE-2008-5557

vendor priority summary link
gentoo high CVE-2008-5557: 1 GLSA(s) (201001-03), 1 atom(s) (dev-lang/php); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2008-5557
redhat medium https://access.redhat.com/security/cve/CVE-2008-5557
ubuntu medium CVE-2008-5557 medium priority: Ubuntu including 2 source packages (php4, php5), 14 status rows across 7 suites (dapper, gutsy, hardy, intrepid, jaunty, karmic, upstream): DNE 5, released 5, not-affected 2, ignored 1, needs-triage 1. https://ubuntu.com/security/CVE-2008-5557

Affected software / configurations for CVE-2008-5557

Vendor Product Version Raw CPE
php php 4.3.0 cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
php php 4.3.1 cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
php php 4.3.2 cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
php php 4.3.3 cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
php php 4.3.4 cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
php php 4.3.5 cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
php php 4.3.6 cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
php php 4.3.7 cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
php php 4.3.8 cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
php php 4.3.9 cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
php php 4.3.10 cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
php php 4.3.11 cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
php php 4.4.0 cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
php php 4.4.1 cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
php php 4.4.2 cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
php php 4.4.3 cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*
php php 4.4.4 cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
php php 4.4.5 cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*
php php 4.4.6 cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*
php php 4.4.7 cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*
php php 4.4.8 cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*
php php 4.4.9 cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
php php 5.0.1 cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
php php 5.0.2 cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
php php 5.0.3 cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
php php 5.0.4 cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
php php 5.0.5 cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
php php 5.1.0 cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
php php 5.1.1 cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
php php 5.1.2 cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
php php 5.1.3 cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
php php 5.1.4 cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
php php 5.1.5 cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
php php 5.1.6 cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
php php 5.2.0 cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
php php 5.2.1 cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
php php 5.2.2 cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
php php 5.2.3 cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
php php 5.2.4 cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
php php 5.2.5 cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
php php 5.2.6 cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

References for CVE-2008-5557

URL Tags
http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html
http://bugs.php.net/bug.php?id=45722 Exploit
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?r1=1.7&r2=1.8 Exploit
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://secunia.com/advisories/34642
http://secunia.com/advisories/35003
http://secunia.com/advisories/35074
http://secunia.com/advisories/35306
http://secunia.com/advisories/35650
http://securitytracker.com/id?1021482
http://support.apple.com/kb/HT3549
http://wiki.rpath.com/Advisories:rPSA-2009-0035
http://www.debian.org/security/2009/dsa-1789
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
http://www.php.net/ChangeLog-5.php#5.2.7
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.securityfocus.com/archive/1/501376/100/0/threaded
http://www.securityfocus.com/bid/32948
http://www.us-cert.gov/cas/techalerts/TA09-133A.html US Government Resource
http://www.vupen.com/english/advisories/2009/1297
https://exchange.xforce.ibmcloud.com/vulnerabilities/47525
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10286
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
cvelogic Threat Intelligence