Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1866Integer Overflow or Wraparound in PHP

CWE-190Integer Overflow or Wraparound7 documents7 sources
Severity
9.8CRITICALNVD
EPSS
1.6%
top 18.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
PHPOpensuseSuse Linux Enterprise
Timeline
PublishedMay 7
Latest updateMay 17

Description

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDphp/php5.3.05.3.2
NVDopensuse/opensuse11.1, 11.2, 11.3+2

Also affects: Linux Enterprise 10.0, 11.0

🔴Vulnerability Details

2
GHSA
GHSA-cwwq-64rr-rv47: The dechunk filter in PHP 52022-05-17
CVEList
CVE-2010-1866: The dechunk filter in PHP 52010-05-07

💥Exploits & PoCs

1
Exploit-DB
PHP 5.3 - 'PHP_dechunk()' HTTP Chunked Encoding Integer Overflow2010-05-02

📋Vendor Advisories

2
Ubuntu
PHP vulnerabilities2010-09-20
Red Hat
php: dechunk filter integer signedness error causing buffer overflow (MOPS-2010-003)2010-05-02

💬Community

1
Bugzilla
CVE-2010-1866 php: dechunk filter integer signedness error causing buffer overflow (MOPS-2010-003)2010-07-26
CVE-2010-1866 — Integer Overflow or Wraparound in PHP | cvebase