9.3

CVE-2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 4.4.2
PhpPhp Version3.0
PhpPhp Version3.0.1
PhpPhp Version3.0.2
PhpPhp Version3.0.3
PhpPhp Version3.0.4
PhpPhp Version3.0.5
PhpPhp Version3.0.6
PhpPhp Version3.0.7
PhpPhp Version3.0.8
PhpPhp Version3.0.9
PhpPhp Version3.0.10
PhpPhp Version3.0.11
PhpPhp Version3.0.12
PhpPhp Version3.0.13
PhpPhp Version3.0.14
PhpPhp Version3.0.15
PhpPhp Version3.0.16
PhpPhp Version3.0.17
PhpPhp Version3.0.18
PhpPhp Version4.0
PhpPhp Version4.0 Updatebeta_4_patch1
PhpPhp Version4.0 Updatebeta1
PhpPhp Version4.0 Updatebeta2
PhpPhp Version4.0 Updatebeta3
PhpPhp Version4.0 Updatebeta4
PhpPhp Version4.0 Updaterc1
PhpPhp Version4.0 Updaterc2
PhpPhp Version4.0.0
PhpPhp Version4.0.1
PhpPhp Version4.0.1 Updatepatch1
PhpPhp Version4.0.1 Updatepatch2
PhpPhp Version4.0.2
PhpPhp Version4.0.3
PhpPhp Version4.0.3 Updatepatch1
PhpPhp Version4.0.4
PhpPhp Version4.0.4 Updatepatch1
PhpPhp Version4.0.5
PhpPhp Version4.0.6
PhpPhp Version4.0.7
PhpPhp Version4.0.7 Updaterc1
PhpPhp Version4.0.7 Updaterc2
PhpPhp Version4.0.7 Updaterc3
PhpPhp Version4.1.0
PhpPhp Version4.1.1
PhpPhp Version4.1.2
PhpPhp Version4.2 Editiondev
PhpPhp Version4.2.0
PhpPhp Version4.2.1
PhpPhp Version4.2.2
PhpPhp Version4.2.3
PhpPhp Version4.3.0
PhpPhp Version4.3.1
PhpPhp Version4.3.2
PhpPhp Version4.3.3
PhpPhp Version4.3.4
PhpPhp Version4.3.5
PhpPhp Version4.3.6
PhpPhp Version4.3.7
PhpPhp Version4.3.8
PhpPhp Version4.3.9
PhpPhp Version4.3.10
PhpPhp Version4.3.11
PhpPhp Version4.4.0
PhpPhp Version4.4.1
PhpPhp Version5.0 Updaterc1
PhpPhp Version5.0 Updaterc2
PhpPhp Version5.0 Updaterc3
PhpPhp Version5.0.0
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updatebeta4
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
PhpPhp Version5.0.0 Updaterc3
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Versionpl1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.06% 0.893
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21202
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0567.html
http://secunia.com/advisories/21050
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/21252
Vendor Advisory
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://secunia.com/advisories/22713
Vendor Advisory
http://www.debian.org/security/2006/dsa-1206
http://secunia.com/advisories/21125
Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://secunia.com/advisories/21031
Vendor Advisory
http://secunia.com/advisories/21135
Vendor Advisory
http://secunia.com/advisories/21723
Vendor Advisory
http://secunia.com/advisories/22225
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
http://www.redhat.com/support/errata/RHSA-2006-0568.html
http://www.securityfocus.com/archive/1/447866/100/0/threaded
https://issues.rpath.com/browse/RPL-683
http://www.novell.com/linux/security/advisories/2006_31_php.html
http://secunia.com/advisories/19927
Vendor Advisory
http://securitytracker.com/id?1016306
http://www.php.net/release_5_1_3.php
http://www.securityfocus.com/bid/17843
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log
http://securitytracker.com/id?1016649
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
http://www.novell.com/linux/security/advisories/2006_34_php4.html
http://www.osvdb.org/25255
http://www.osvdb.org/26466
http://www.securityfocus.com/archive/1/442437/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/27396
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118
https://usn.ubuntu.com/320-1/