10

CVE-2006-4812

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version4.0
PhpPhp Version4.0.1
PhpPhp Version4.0.1 Updatepatch1
PhpPhp Version4.0.1 Updatepatch2
PhpPhp Version4.0.2
PhpPhp Version4.0.3
PhpPhp Version4.0.3 Updatepatch1
PhpPhp Version4.0.4
PhpPhp Version4.0.5
PhpPhp Version4.0.6
PhpPhp Version4.0.7
PhpPhp Version4.0.7 Updaterc1
PhpPhp Version4.0.7 Updaterc2
PhpPhp Version4.0.7 Updaterc3
PhpPhp Version4.1.0
PhpPhp Version4.1.1
PhpPhp Version4.1.2
PhpPhp Version4.2 Editiondev
PhpPhp Version4.2.0
PhpPhp Version4.2.1
PhpPhp Version4.2.2
PhpPhp Version4.2.3
PhpPhp Version5.0 Updaterc1
PhpPhp Version5.0 Updaterc2
PhpPhp Version5.0 Updaterc3
PhpPhp Version5.0.0
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.3
PhpPhp Version5.1.4
PhpPhp Version5.1.5
PhpPhp Version5.1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.39% 0.964
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://rhn.redhat.com/errata/RHSA-2006-0688.html
http://secunia.com/advisories/22538
http://securitytracker.com/id?1016984
Patch
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
http://secunia.com/advisories/22331
http://www.ubuntu.com/usn/usn-362-1
http://secunia.com/advisories/22300
http://www.trustix.org/errata/2006/0055
http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html
http://secunia.com/advisories/22338
http://www.securityfocus.com/archive/1/448953/100/0/threaded
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
http://rhn.redhat.com/errata/RHSA-2006-0708.html
Patch
Vendor Advisory
http://secunia.com/advisories/22280
Patch
Vendor Advisory
http://secunia.com/advisories/22281
http://secunia.com/advisories/22533
http://secunia.com/advisories/22650
http://securityreason.com/securityalert/1691
http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm
http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml
http://www.hardened-php.net/advisory_092006.133.html
Vendor Advisory
http://www.hardened-php.net/files/CVE-2006-4812.patch
Patch
http://www.securityfocus.com/archive/1/448014/100/0/threaded
http://www.securityfocus.com/bid/20349
http://www.vupen.com/english/advisories/2006/3922
https://exchange.xforce.ibmcloud.com/vulnerabilities/29362