5.1

CVE-2004-0594

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenpkgOpenpkg Version2.0
OpenpkgOpenpkg Version2.1
DebianDebian Linux Version3.0
HpHp-ux Versionb.11.00
HpHp-ux Versionb.11.11
HpHp-ux Versionb.11.22
HpHp-ux Versionb.11.23
TrustixSecure Linux Version1.5
TrustixSecure Linux Version2.0
TrustixSecure Linux Version2.1
PhpPhp Version >= 4.0 < 4.3.7
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updatebeta4
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 77.73% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

http://www.securityfocus.com/bid/10725
Third Party Advisory
Broken Link
VDB Entry