The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2005-01-10 05:00
Updated : 2024-02-28 10:42
NVD link : CVE-2004-1019
Mitre link : CVE-2004-1019
CVE.ORG link : CVE-2004-1019
JSON object : View
Products Affected
trustix
- secure_linux
openpkg
- openpkg
php
- php
ubuntu
- ubuntu_linux
CWE
CWE-20
Improper Input Validation