CVE-2006-7205
published 2007-05-24
Priority: P4 · 14 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
1.26%
66.0th percentile
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_group | php | — | — |
| php_group | php | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat · 5.0 · MEDIUM
GHSA
GHSA-6m79-37j9-r59p: The array_fill function in ext/standard/array
ghsa_unreviewed·2022-05-01
CVE-2006-7205 [MEDIUM] GHSA-6m79-37j9-r59p: The array_fill function in ext/standard/array
Red Hat
php array_fill memory consumption
vendor_redhat·CVSS 5.0
CVE-2006-7205 [MEDIUM] php array_fill memory consumption
Statement: The memory_limit configuration option is used to constrain the amount of memory which a script can consume during execution. If this setting is disabled (or set unreasonably high), it is expected behaviour that scripts will be able to consume large amounts of memory during script execution.
The memory_limit setting is enabled by default in all versions of PHP distributed in Red Hat Enterprise Linux and Application Stack.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2007-05-24