CVE-2006-1990

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-1990
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/19803
http://secunia.com/advisories/20052
http://secunia.com/advisories/20222
http://secunia.com/advisories/20269
http://secunia.com/advisories/20676
http://secunia.com/advisories/21031
http://secunia.com/advisories/21050
http://secunia.com/advisories/21125
http://secunia.com/advisories/21135
http://secunia.com/advisories/21252
http://secunia.com/advisories/21564
http://secunia.com/advisories/21723
http://secunia.com/advisories/22225
http://secunia.com/advisories/23155
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://securitytracker.com/id?1015979
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02 Exploit
http://www.mandriva.com/security/advisories?name=MDKSA-2006:091
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://www.novell.com/linux/security/advisories/2006_31_php.html
http://www.redhat.com/support/errata/RHSA-2006-0501.html
http://www.redhat.com/support/errata/RHSA-2006-0568.html
http://www.securityfocus.com/archive/1/447866/100/0/threaded
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.ubuntu.com/usn/usn-320-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html US Government Resource
http://www.vupen.com/english/advisories/2006/1500
http://www.vupen.com/english/advisories/2006/4750
https://exchange.xforce.ibmcloud.com/vulnerabilities/26001
https://issues.rpath.com/browse/RPL-683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9696
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-04-24 23:02

Updated : 2024-02-28 10:42

NVD link : CVE-2006-1990

Mitre link : CVE-2006-1990

CVE.ORG link : CVE-2006-1990

JSON object : View

Products Affected

php

  • php
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024