
CVE-2006-4812

Description

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).


Affected Software


CPE Name    Name    Version
php:php     php     4.0.4
php:php     php     4.0.5
php:php     php     4.1.1
php:php     php     4.1.2
php:php     php     5.0.1
php:php     php     5.0.2
php:php     php     5.0.3
php:php     php     5.1.1
php:php     php     5.1.2
php:php     php     4.0.3
php:php     php     4.0.3
php:php     php     4.0.7
php:php     php     4.1.0
php:php     php     4.2
php:php     php     5.0.0
php:php     php     5.0
php:php     php     5.1.0
php:php     php     4.0.1
php:php     php     4.0.2
php:php     php     4.0.7
php:php     php     4.0.7
php:php     php     4.2.2
php:php     php     4.2.3
php:php     php     5.0
php:php     php     5.0
php:php     php     5.1.5
php:php     php     5.1.6
php:php     php     4.0
php:php     php     4.0.1
php:php     php     4.0.1
php:php     php     4.0.6
php:php     php     4.0.7
php:php     php     4.2.0
php:php     php     4.2.1
php:php     php     5.0.4
php:php     php     5.0.5
php:php     php     5.1.3
php:php     php     5.1.4

Related