10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.58 Medium
EPSS
Percentile
97.7%
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
A flaw in the PHP memory handling routines allows an unserialize() call to be executed on non-allocated memory due to a previous integer overflow.
An attacker could execute arbitrary code with the rights of the web server user or the user running a vulnerable PHP script.
There is no known workaround at this time.
All PHP 5.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.1.6-r6"
All PHP 4.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-4.4.4-r6"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | dev-lang/php | < 5.1.6-r6 | UNKNOWN |