Lucene search

K
nvd[email protected]NVD:CVE-2004-0594
HistoryJul 27, 2004 - 4:00 a.m.

CVE-2004-0594

2004-07-2704:00:00
CWE-367
web.nvd.nist.gov

7.5 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.613 Medium

EPSS

Percentile

97.8%

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Affected configurations

NVD
Node
openpkgopenpkgMatch2.0
OR
openpkgopenpkgMatch2.1
OR
avayaconverged_communications_serverMatch2.0
OR
debiandebian_linuxMatch3.0
OR
hphp-uxMatchb.11.00
OR
hphp-uxMatchb.11.11
OR
hphp-uxMatchb.11.22
OR
hphp-uxMatchb.11.23
OR
trustixsecure_linuxMatch1.5
OR
trustixsecure_linuxMatch2.0
OR
trustixsecure_linuxMatch2.1
Node
phpphpRange4.04.3.7
OR
phpphpMatch5.0.0beta1
OR
phpphpMatch5.0.0beta2
OR
phpphpMatch5.0.0beta3
OR
phpphpMatch5.0.0beta4
OR
phpphpMatch5.0.0rc1
OR
phpphpMatch5.0.0rc2

References

7.5 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.613 Medium

EPSS

Percentile

97.8%