CVE-2006-4486

Published: 31/08/2006 Updated: 30/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Integer overflow in memory allocation routines in PHP prior to 5.1.6, when running on a 64-bit system, allows context-dependent malicious users to bypass the memory_limit restriction.

Vulnerable Product

php php 5.1.0

php php 5.1.1

php php 5.1.2

php php 5.1.4

php php 5.1.5

Vendor Advisories

The stripos() function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data, this could be exploited to crash the PHP interpreter (CVE-2006-4485) ...

References

CWE-189
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://rhn.redhat.com/errata/RHSA-2006-0688.html
http://secunia.com/advisories/21546
http://secunia.com/advisories/22004
http://secunia.com/advisories/22069
http://secunia.com/advisories/22225
http://secunia.com/advisories/22331
http://secunia.com/advisories/22440
http://secunia.com/advisories/22487
http://secunia.com/advisories/22538
http://secunia.com/advisories/25945
http://securitytracker.com/id?1016984
http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
http://www.debian.org/security/2007/dsa-1331
http://www.hardened-php.net/hphp/changelog.html#hardening_patch_0.4.14
http://www.novell.com/linux/security/advisories/2006_52_php.html
http://www.php.net/ChangeLog-5.php#5.1.6
http://www.php.net/release_5_1_6.php
http://www.redhat.com/support/errata/RHSA-2006-0669.html
http://www.redhat.com/support/errata/RHSA-2006-0682.html
http://www.securityfocus.com/archive/1/447866/100/0/threaded
http://www.securityfocus.com/bid/19582
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.ubuntu.com/usn/usn-362-1
https://issues.rpath.com/browse/RPL-683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11086
http://tools.cisco.com/security/center/viewAlert.x?alertId=11576
https://nvd.nist.gov
https://www.rapid7.com/db/vulnerabilities/php-cve-2006-4483
https://usn.ubuntu.com/362-1/