Published: 31/08/2006 Updated: 30/10/2018

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Subscribe to Php

Integer overflow in memory allocation routines in PHP prior to 5.1.6, when running on a 64-bit system, allows context-dependent malicious users to bypass the memory_limit restriction.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.1.0
php php 5.1.4
php php 5.1.5
php php 5.1.1
php php 5.1.2

The stripos() function did not check for invalidly long or empty haystack strings In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter (CVE-2006-4485) ...

CWE-189 http://www.hardened-php.net/hphp/changelog.html#hardening_patch_0.4.14 http://www.php.net/ChangeLog-5.php#5.1.6 http://www.php.net/release_5_1_6.php http://secunia.com/advisories/21546 http://www.redhat.com/support/errata/RHSA-2006-0669.html http://www.redhat.com/support/errata/RHSA-2006-0682.html http://www.novell.com/linux/security/advisories/2006_52_php.html http://secunia.com/advisories/22004 http://secunia.com/advisories/22069 http://securitytracker.com/id?1016984 https://issues.rpath.com/browse/RPL-683 http://www.ubuntu.com/usn/usn-362-1 http://secunia.com/advisories/22225 http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm http://secunia.com/advisories/22440 http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm http://rhn.redhat.com/errata/RHSA-2006-0688.html ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://www.securityfocus.com/bid/19582 http://secunia.com/advisories/22538 http://secunia.com/advisories/22487 http://secunia.com/advisories/22331 http://www.turbolinux.com/security/2006/TLSA-2006-38.txt http://www.debian.org/security/2007/dsa-1331 http://secunia.com/advisories/25945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11086 http://www.securityfocus.com/archive/1/447866/100/0/threaded https://usn.ubuntu.com/362-1/https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook