CVE-2004-1019

Published: 10/01/2005 Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The deserialization code in PHP prior to 4.3.10 and PHP 5.x up to 5.0.2 allows remote malicious users to cause a denial of service and execute arbitrary code by passing untrusted data to the unserialize function, which may trigger "information disclosure, double-free and negative reference index array underflow" results.

Vulnerable Product

openpkg openpkg 2.2

openpkg openpkg current

php php 3.0.14

php php 3.0.15

php php 3.0.5

php php 3.0.6

php php 3.0.7

php php 4.0.2

php php 4.0.3

php php 4.0.7

php php 4.2.3

php php 4.2

php php 4.3.0

php php 4.3.7

php php 4.3.8

php php 5.0

php php 3.0.10

php php 3.0.11

php php 3.0.18

php php 3.0.2

php php 4.0

php php 4.0.1

php php 4.0.5

php php 4.0.6

php php 4.1.2

php php 4.2.0

php php 4.3.3

php php 4.3.4

php php 5.0.1

php php 5.0.2

openpkg openpkg 2.1

php php 3.0.12

php php 3.0.13

php php 3.0.3

php php 3.0.4

php php 4.2.1

php php 4.2.2

php php 4.3.5

php php 4.3.6

php php 3.0

php php 3.0.1

php php 3.0.16

php php 3.0.17

php php 3.0.8

php php 3.0.9

php php 4.0.4

php php 4.1.0

php php 4.1.1

php php 4.3.1

php php 4.3.2

php php 4.3.9

php php 5.0.0

trustix secure linux 2.2

ubuntu ubuntu linux 4.1

trustix secure linux 2.0

trustix secure linux 2.1

Vendor Advisories

Stefan Esser reported several buffer overflows in PHP's variable unserializing handling. These could allow an attacker to execute arbitrary code on the server with the PHP interpreter's privileges by sending specially crafted input strings (form data, cookie values, and similar) ...
Synopsis: php security update | Type/Severity: Security Advisory: Important | Topic: Updated php packages that fix various security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. | Description: ...
Synopsis: php security update | Type/Severity: Security Advisory: Important | Topic: Updated php packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. | Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A double ...
Synopsis: php security update | Type/Severity: Security Advisory: Important | Topic: Updated php packages that fix various security issues and bugs are now available for Red Hat Enterprise Linux 3. | Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. F ...