CVE-2006-1490
Published 2006-03-29
Priority P4 · 28 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS 20.51% (97.2th percentile)
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
Affected
60 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
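| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |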
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2006-07-19·CVSS 4.3
CVE-2006-1494 [MEDIUM] PHP vulnerabilities
The phpinfo() PHP function did not properly sanitize long strings. A
remote attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo(). Please note that it is not recommended to publicly expose
phpinfo(). (CVE-2006-0996)
An information disclosure has been reported in the
html_entity_decode() function. A script which uses this function to
process arbitrary user-supplied input could be exploited to expose a
random part of memory, which could potentially reveal sensitive data.
(CVE-2006-1490)
The wordwrap() function did not sufficiently check the validity of the
'break' argument. An attacker who could control the string passed to
the 'break' parameter cou
Red Hat
security flaw
vendor_redhat·2006-03-28·CVSS 5.0
CVE-2006-1490 [MEDIUM] security flaw
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
GHSA
GHSA-fc4p-x25r-c4jr: PHP before 5
ghsa_unreviewed·2022-05-03
CVE-2006-1490 [MEDIUM] GHSA-fc4p-x25r-c4jr: PHP before 5
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
No detection rules found.
Bugzilla
CVE-2006-1490 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2006-1490 [MEDIUM] CVE-2006-1490 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
Bugzilla
CVE-2006-1490 PHP memory disclosure issue
bugzilla·2006-03-29·CVSS 5.0
CVE-2006-1490 [MEDIUM] CVE-2006-1490 PHP memory disclosure issue
PHP memory disclosure issue
A memory disclosure issue was found and fixed in PHP's
unescape_html_entities function. This issue allows a malformed HTML
string to leak back arbitrary memory from the PHP process.
There is more information in the full-disclosure thread:
http://marc.theaimsgroup.com/?t=114360319500050&r=1&w=2
The reporter on full-disclosure attempts to make this issue sound
considerably worse than it is.
The patch is here:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.63.2.23.2.1&r2=1.63.2.23.2.2
This issue also affects FC4
Discussion:
Fixed in FEDORA-2006-289.
Bugzilla
CVE-2006-1490 PHP memory disclosure issue
bugzilla·2006-03-29·CVSS 5.0
CVE-2006-1490 [MEDIUM] CVE-2006-1490 PHP memory disclosure issue
PHP memory disclosure issue
A memory disclosure issue was found and fixed in PHP's
unescape_html_entities function. This issue allows a malformed HTML
string to leak back arbitrary memory from the PHP process.
There is more information in the full-disclosure thread:
http://marc.theaimsgroup.com/?t=114360319500050&r=1&w=2
The reporter on full-disclosure attempts to make this issue sound
considerably worse than it is.
The patch is here:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.63.2.23.2.1&r2=1.63.2.23.2.2
This issue also affects RHEL3
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
Bugzilla
CVE-2002-2214 PHP segfault imap_fetch_overview() (CVE-2002-2215, CVE-2003-1302, CVE-2003-1303). Also - Multiple PHP vulnerabilities (CVE-2005-2933 CVE-2005-3883 CVE-2006-0208 CVE-2006-0996 CVE-2006-1490 CVE-2006-1990)
bugzilla·2005-12-05·CVSS 5.0
CVE-2002-2214 [MEDIUM] CVE-2002-2214 PHP segfault imap_fetch_overview() (CVE-2002-2215, CVE-2003-1302, CVE-2003-1303). Also - Multiple PHP vulnerabilities (CVE-2005-2933 CVE-2005-3883 CVE-2006-0208 CVE-2006-0996 CVE-2006-1490 CVE-2006-1990)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4
Description of problem:
If a mailbox contains a From: or To: header beginning with an overlong e-mail address, imap_fetch_overview() will segfault when processing that message.
This is one of several vulnerabilities where code in php_imap.c calls rfc822_write_address() to write an e-mail address to a buffer of fixed size without first checking that the e-mail address fits into the buffer.
http://bugs.php.net/bug.php?id=15595
http://bugs.php.net/bug.php
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://bugs.gentoo.org/show_bug.cgi?id=127939
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://secunia.com/advisories/19383
http://secunia.com/advisories/19499
http://secunia.com/advisories/19570
http://secunia.com/advisories/19832
http://secunia.com/advisories/19979
http://secunia.com/advisories/20052
http://secunia.com/advisories/20210
http://secunia.com/advisories/20951
http://secunia.com/advisories/21125
http://secunia.com/advisories/23155
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:063
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.securityfocus.com/archive/1/429162/100/0/threaded
http://www.securityfocus.com/archive/1/429164/100/0/threaded
http://www.securityfocus.com/bid/17296
http://www.trustix.org/errata/2006/0020
http://www.ubuntu.com/usn/usn-320-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.vupen.com/english/advisories/2006/1149
http://www.vupen.com/english/advisories/2006/2685
http://www.vupen.com/english/advisories/2006/4750
https://exchange.xforce.ibmcloud.com/vulnerabilities/25508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084