Published: 31/08/2006 Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The stripos function in PHP prior to 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 5.1.0

php php 5.1.1

php php 5.1.2

php php 5.1.4

Vendor Advisories

The stripos() function did not check for invalidly long or empty haystack strings In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter (CVE-2006-4485) ...