5.1

CVE-2004-0594

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenpkgOpenpkg Version2.0
OpenpkgOpenpkg Version2.1
DebianDebian Linux Version3.0
HpHp-ux Versionb.11.00
HpHp-ux Versionb.11.11
HpHp-ux Versionb.11.22
HpHp-ux Versionb.11.23
TrustixSecure Linux Version1.5
TrustixSecure Linux Version2.0
TrustixSecure Linux Version2.1
PhpPhp Version >= 4.0 < 4.3.7
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updatebeta4
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 54.86% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

http://www.redhat.com/support/errata/RHSA-2005-816.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-405.html
Broken Link
http://marc.info/?l=bugtraq&m=109181600614477&w=2
Third Party Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847
Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023908.html
Broken Link
URL Repurposed
http://marc.info/?l=bugtraq&m=108981780109154&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=108982983426031&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=109051444105182&w=2
Third Party Advisory
http://www.debian.org/security/2004/dsa-531
Broken Link
http://www.debian.org/security/2005/dsa-669
Mailing List
http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml
Third Party Advisory
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068
Broken Link
http://www.novell.com/linux/security/advisories/2004_21_php4.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-392.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-395.html
Broken Link
http://www.securityfocus.com/bid/10725
Third Party Advisory
Broken Link
VDB Entry
http://www.trustix.org/errata/2004/0039/
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/16693
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10896
Broken Link