CVE-2006-4812
published 2006-10-10
Priority P3 · 52 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS
15.01%
96.3th percentile
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 · CRITICAL
vendor_ubuntu · 10.0 · CRITICAL
GHSA
GHSA-2g5f-835h-7qjr: Integer overflow in PHP 5 up to 5
ghsa_unreviewed·2022-05-01
CVE-2006-4812 [HIGH] CWE-94 GHSA-2g5f-835h-7qjr: Integer overflow in PHP 5 up to 5
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2006-10-11·CVSS 10.0
CVE-2006-4485 [CRITICAL] PHP vulnerabilities
The stripos() function did not check for invalidly long or empty
haystack strings. In an application that uses this function on
arbitrary untrusted data this could be exploited to crash the PHP
interpreter. (CVE-2006-4485)
An integer overflow was discovered in the PHP memory allocation
handling. On 64-bit platforms, the "memory_limit" setting was not
enforced correctly. A remote attacker could exploit this to cause a
Denial of Service attack through memory exhaustion. (CVE-2006-4486)
Maksymilian Arciemowicz discovered that security relevant
configuration options like open_basedir and safe_mode (which can be
configured in Apache's httpd.conf) could be bypassed and reset to
their default value in php.ini by using the ini_restore() f
Red Hat
security flaw
vendor_redhat·2006-09-30·CVSS 10.0
CVE-2006-4812 [CRITICAL] security flaw
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, and 4.
Bugzilla
CVE-2006-4812 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2006-4812 [CRITICAL] CVE-2006-4812 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, and 4.
Bugzilla
CVE-2006-4812 PHP ecalloc integer overflow
bugzilla·2006-10-05·CVSS 10.0
CVE-2006-4812 [CRITICAL] CVE-2006-4812 PHP ecalloc integer overflow
According to the PHP CVS changelog, an integer overflow in the way PHP allocates
memory has been found and fixed in upstream CVS:
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
Discussion:
I'm opening this bug up to the public
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0688.html
Bugzilla
CVE-2006-4812 PHP ecalloc integer overflow
bugzilla·2006-10-05·CVSS 10.0
CVE-2006-4812 [CRITICAL] CVE-2006-4812 PHP ecalloc integer overflow
According to upstream PHP CVS, an integer overflow in the way PHP allocates
memory has been found and fixed in upstream CVS:
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
Discussion:
I'm opening this bug up to the public.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0708.html
References
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html
http://rhn.redhat.com/errata/RHSA-2006-0688.html
http://rhn.redhat.com/errata/RHSA-2006-0708.html
http://secunia.com/advisories/22280
http://secunia.com/advisories/22281
http://secunia.com/advisories/22300
http://secunia.com/advisories/22331
http://secunia.com/advisories/22338
http://secunia.com/advisories/22533
http://secunia.com/advisories/22538
http://secunia.com/advisories/22650
http://securityreason.com/securityalert/1691
http://securitytracker.com/id?1016984
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm
http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml
http://www.hardened-php.net/advisory_092006.133.html
http://www.hardened-php.net/files/CVE-2006-4812.patch
http://www.securityfocus.com/archive/1/448014/100/0/threaded
http://www.securityfocus.com/archive/1/448953/100/0/threaded
http://www.securityfocus.com/bid/20349
http://www.trustix.org/errata/2006/0055
http://www.ubuntu.com/usn/usn-362-1
http://www.vupen.com/english/advisories/2006/3922
https://exchange.xforce.ibmcloud.com/vulnerabilities/29362