CVE-2006-7205Group PHP vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 30.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
PHP Group PHP
Timeline
PublishedMay 24
Latest updateMay 1

Description

The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDphp_group/php4.4.2, 5.1.2+1

🔴Vulnerability Details

2
GHSA
GHSA-6m79-37j9-r59p: The array_fill function in ext/standard/array2022-05-01
CVEList
CVE-2006-7205: The array_fill function in ext/standard/array2007-05-24

📋Vendor Advisories

1
Red Hat
php array_fill memory consumption
CVE-2006-7205 — PHP Group PHP vulnerability | cvebase