CVE-2006-3018
Published 2006-06-14
CVE-2006-3018: Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.
Priority: P427 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.97% (78.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_group | php | <= 5.1.2 | — |
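CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |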
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2006-07-19·CVSS 4.3
CVE-2006-1494 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: PHP vulnerabilities
The phpinfo() PHP function did not properly sanitize long strings. A
remote attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo(). Please note that it is not recommended to publicly expose
phpinfo(). (CVE-2006-0996)

An information disclosure has been reported in the
html_entity_decode() function. A script which uses this function to
process arbitrary user-supplied input could be exploited to expose a
random part of memory, which could potentially reveal sensitive data.
(CVE-2006-1490)

The wordwrap() function did not sufficiently check the validity of the
'break' argument. An attacker who could control the string passed to
the 'break' parameter cou
Red Hat
CVE-2006-3018: Unspecified vulnerability in the session extension functionality in PHP before 5
vendor_redhat·CVSS 7.5
CVE-2006-3018 [HIGH] CVE-2006-3018: Unspecified vulnerability in the session extension functionality in PHP before 5
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.
Statement: Unknown: CVE-2006-3018 has been assigned to an issue in PHP where the cause and fix are unknown, and the impact cannot be verified. The source of the CVE assignment was a single line statement in the PHP 5.1.3 release announcement, http://www.php.net/release_5_1_3.php, reading: "Fixed a heap corruption inside the session extension." Of the changes made to the session extension between releases 5.1.2 and 5.1.3, none would fix a bug matching this description by our analysis.
GHSA
GHSA-p2mf-5wpv-qq3x: Unspecified vulnerability in the session extension functionality in PHP before 5
ghsa_unreviewed·2022-05-01
CVE-2006-3018 [HIGH] GHSA-p2mf-5wpv-qq3x: Unspecified vulnerability in the session extension functionality in PHP before 5
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/19927
http://secunia.com/advisories/21050
http://secunia.com/advisories/21125
http://securitytracker.com/id?1016306
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://www.osvdb.org/25254
http://www.php.net/release_5_1_3.php
http://www.securityfocus.com/bid/17843
http://www.ubuntu.com/usn/usn-320-1