Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDE329550B-54F7-11DB-A5AE-00508D6A62DF
HistorySep 30, 2006 - 12:00 a.m.

php -- _ecalloc Integer Overflow Vulnerability

2006-09-3000:00:00
vuxml.freebsd.org
11

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.58 Medium

EPSS

Percentile

97.7%

JSON

Stefan Esser reports:

The PHP 5 branch of the PHP source code lacks the
protection against possible integer overflows inside
ecalloc() that is present in the PHP 4 branch and also for
several years part of our Hardening-Patch and our new
Suhosin-Patch.
It was discovered that such an integer overflow can be
triggered when user input is passed to the unserialize()
function. Earlier vulnerabilities in PHP’s unserialize()
that were also discovered by one of our audits in December
2004 are unrelated to the newly discovered flaw, but they
have shown, that the unserialize() function is exposed to
user-input in many popular PHP applications. Examples for
applications that use the content of COOKIE variables with
unserialize() are phpBB and Serendipity.
The successful exploitation of this integer overflow will
result in arbitrary code execution.

Related

cve 2
securityvulns 3
nessus 11
gentoo 1
ubuntucve 1
openvas 6
redhat 2
centos 1
suse 1
ubuntu 1
fedora 3
cve
cve
CVE-2006-4812
2006-10-10 04:06:00
CVE-2006-4170
2006-10-10 12:07:00
securityvulns
securityvulns
[Full-disclosure] [ MDKSA-2006:180 ] - Updated php packages fix integer overflow vulnerability
2006-10-06 00:00:00
PHP integer overflow
2006-10-09 00:00:00
Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow
2006-10-09 00:00:00
nessus
nessus
PHP 4.x < 4.3.0 ZendEngine Integer Overflow
2012-01-11 00:00:00
FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)
2006-10-10 00:00:00
RHEL 2.1 : php (RHSA-2006:0708)
2006-10-10 00:00:00
gentoo
gentoo
PHP: Integer overflow
2006-10-30 00:00:00
ubuntucve
ubuntucve
CVE-2006-4812
2006-10-10 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200610-14 (php)
2008-09-24 00:00:00
FreeBSD Ports: php5
2008-09-04 00:00:00
Fedora Update for php FEDORA-2007-287
2009-02-27 00:00:00
redhat
redhat
(RHSA-2006:0708) php security update
2006-10-05 00:00:00
(RHSA-2006:0688) php security update
2006-10-05 00:00:00
centos
centos
php security update
2006-10-09 01:04:12
suse
suse
remote code execution in php4,php5
2006-10-09 16:00:37
ubuntu
ubuntu
PHP vulnerabilities
2006-10-11 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: php-5.1.6-1.4
2007-02-26 22:09:19
[SECURITY] Fedora Core 5 Update: php-5.1.6-1.5
2007-04-18 22:42:03
[SECURITY] Fedora Core 5 Update: php-5.1.6-1.6
2007-05-24 05:24:12

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.58 Medium

EPSS

Percentile

97.7%

JSON
Related for E329550B-54F7-11DB-A5AE-00508D6A62DF
cve2securityvulns3nessus11gentoo1ubuntucve1openvas6redhat2centos1suse1ubuntu1fedora3