Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDDD7AA4F1-102F-11D9-8A8A-000C41E2CDAD
HistoryJul 07, 2004 - 12:00 a.m.

php -- memory_limit related vulnerability

2004-07-0700:00:00
vuxml.freebsd.org
20

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.613 Medium

EPSS

Percentile

97.8%

JSON

Stefan Esser of e-matters discovered a condition within PHP
that may lead to remote execution of arbitrary code. The
memory_limit facility is used to notify functions when memory
contraints have been met. Under certain conditions, the entry
into this facility is able to interrupt functions such as
zend_hash_init() at locations not suitable for interruption.
The result would leave these functions in a vulnerable state.

An attacker that is able to trigger the memory_limit abort
within zend_hash_init() and is additionally able to control
the heap before the HashTable itself is allocated, is able to
supply his own HashTable destructor pointer. […]
All mentioned places outside of the extensions are quite easy
to exploit, because the memory allocation up to those places
is deterministic and quite static throughout different PHP
versions. […]
Because the exploit itself consist of supplying an arbitrary
destructor pointer this bug is exploitable on any platform.

Related

cve 1
canvas 1
openvas 14
nessus 13
debian 3
redhat 2
gentoo 1
slackware 1
osv 2
securityvulns 2
suse 1
cve
cve
CVE-2004-0594
2004-07-27 04:00:00
canvas
canvas
Immunity Canvas: PHP_LIMIT
2004-07-27 04:00:00
openvas
openvas
php -- memory_limit related vulnerability
2008-09-04 00:00:00
php -- memory_limit related vulnerability
2008-09-04 00:00:00
Debian Security Advisory DSA 669-1 (php3)
2008-01-17 00:00:00
nessus
nessus
FreeBSD : php -- memory_limit related vulnerability (dd7aa4f1-102f-11d9-8a8a-000c41e2cdad)
2005-07-13 00:00:00
SUSE-SA:2004:021: php4/mod_php4
2004-07-25 00:00:00
Debian DSA-669-1 : php3 - several vulnerabilities
2005-02-10 00:00:00
debian
debian
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
2004-07-21 02:41:59
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
redhat
redhat
(RHSA-2004:395) php security update
2004-07-19 00:00:00
(RHSA-2004:392) php security update
2004-07-19 00:00:00
gentoo
gentoo
PHP: Multiple security vulnerabilities
2004-07-15 00:00:00
slackware
slackware
PHP
2004-07-20 23:21:16
osv
osv
php3 - several
2005-02-07 00:00:00
php4 - several vulnerabilities
2004-07-20 00:00:00
securityvulns
securityvulns
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
2004-07-14 00:00:00
US-CERT Technical Cyber Security Alert TA05-136A -- Apple Mac OS X is affected by multiple vulnerabilities
2005-05-17 00:00:00
suse
suse
remote code execution in php4/mod_php4
2004-07-16 12:43:18

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.613 Medium

EPSS

Percentile

97.8%

JSON
Related for DD7AA4F1-102F-11D9-8A8A-000C41E2CDAD
cve1canvas1openvas14nessus13debian3redhat2gentoo1slackware1osv2securityvulns2suse1