CVE-2006-4812

HIGH severity · CVSS 10 · Code injection

10CVSS HIGH

Summary

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impact—

Integrity impact—

Availability impact—

Exploit probability (EPSS)39%

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products we track (1)

PHP

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://rhn.redhat.com/errata/RHSA-2006-0708.html ↗

Additional information

NVD record
http://rhn.redhat.com/errata/RHSA-2006-0708.htmlPatch
http://secunia.com/advisories/22280Patch
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html
http://rhn.redhat.com/errata/RHSA-2006-0688.html
http://secunia.com/advisories/22281
http://secunia.com/advisories/22300
http://secunia.com/advisories/22331