CVE-2006-1549
Published 2006-04-10
Priority P4 · 10 · low · 2.1 (CVSS 2.0)
AV:L/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 0.86% (54.0th percentile)
PHP 4.4.2 and 5.1.2 allow local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 4:2.10.0.2-1 (bookworm) | phpmyadmin 4:2.10.0.2-1 (bookworm) |
| php | php | — | — |
| php | php | — | — |
| phpmyadmin | phpmyadmin | <= 2.10.0.1 | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.10.0.2-1 | 4:2.10.0.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.10.0.2-1 | 4:2.10.0.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.10.0.2-1 | 4:2.10.0.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.10.0.2-1 | 4:2.10.0.2-1 |
CVSS provenance
nvd · v2.0 · 2.1 LOW · AV:L/AC:L/Au:N/C:N/I:N/A:P
osv · 2.1 LOW
vendor_debian · 2.1 LOW
vendor_redhat · 2.1 LOW
GHSA
GHSA-866h-5php-38pf: PHP 4
ghsa_unreviewed·2022-05-01
CVE-2006-1549 [LOW] GHSA-866h-5php-38pf: PHP 4
PHP 4.4.2 and 5.1.2 allow local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.
GHSA
GHSA-wxxc-635g-7hm3: The PMA_ArrayWalkRecursive function in libraries/common
ghsa_unreviewed·2022-05-01·CVSS 2.1
CVE-2007-1325 [LOW] GHSA-wxxc-635g-7hm3: The PMA_ArrayWalkRecursive function in libraries/common
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.
OSV
CVE-2007-1325: The PMA_ArrayWalkRecursive function in libraries/common
osv·2007-03-07·CVSS 2.1
CVE-2007-1325 [LOW] CVE-2007-1325: The PMA_ArrayWalkRecursive function in libraries/common
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.
Debian
CVE-2007-1325: phpmyadmin - The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin be...
vendor_debian·2007·CVSS 2.1
CVE-2007-1325 [LOW] CVE-2007-1325: phpmyadmin - The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin be...
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.
Scope: local
bookworm: resolved (fixed in 4:2.10.0.2-1)
bullseye: resolved (fixed in 4:2.10.0.2-1)
forky: resolved (fixed in 4:2.10.0.2-1)
sid: resolved (fixed in 4:2.10.0.2-1)
trixie: resolved (fixed in 4:2.10.0.2-1)
Red Hat
CVE-2006-1549: PHP 4
vendor_redhat·CVSS 2.1
CVE-2006-1549 [LOW] CVE-2006-1549: PHP 4
PHP 4.4.2 and 5.1.2 allow local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.
Statement: The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
No detection rules found.
http://securityreason.com/achievement_securityalert/35
http://securityreason.com/securityalert/2312
http://securityreason.com/securityalert/676
http://securitytracker.com/id?1015880
http://www.osvdb.org/24485
http://www.php-security.org/MOPB/MOPB-02-2007.html
http://www.securityfocus.com/archive/1/430453/100/0/threaded
http://www.securityfocus.com/archive/1/430598/100/0/threaded
http://www.securityfocus.com/archive/1/430742/100/0/threaded
http://www.securityfocus.com/archive/1/431018/100/0/threaded
http://www.securityfocus.com/bid/22766
http://www.vupen.com/english/advisories/2006/1290
https://exchange.xforce.ibmcloud.com/vulnerabilities/25704
Published: 2006-04-10