CVE-2006-4812

PHP <5.1.6 & 4 - RCE

Title source: llm

Description

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · phpremotephp

https://www.exploit-db.com/exploits/28760

View Code ZIP pw:eip

References (26)

[Various Sources] http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162

[Various Sources] http://lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2006-0688.html

[Patch, Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2006-0708.html

[Patch, Vendor Advisory] http://secunia.com/advisories/22280

[Patch] http://securitytracker.com/id?1016984

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200610-14.xml

[Vendor Advisory] http://www.hardened-php.net/advisory_092006.133.html

[Patch] http://www.hardened-php.net/files/CVE-2006-4812.patch

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/448014/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/448953/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29362

[Vendor Advisory] http://www.ubuntu.com/usn/usn-362-1

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2006-234.htm

[Vendor Advisory] http://www.trustix.org/errata/2006/0055

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/20349

[Third Party Advisory] http://secunia.com/advisories/22281

[Third Party Advisory] http://secunia.com/advisories/22300

[Third Party Advisory] http://secunia.com/advisories/22331

... and 6 more

Scores

EPSS 0.3941

EPSS Percentile 97.3%

Details

CWE

CWE-94

Status published

Products (30)

php/php 4.0

php/php 4.0.1 (3 CPE variants)

php/php 4.0.2

php/php 4.0.3 (2 CPE variants)

php/php 4.0.4

php/php 4.0.5

php/php 4.0.6

php/php 4.0.7 (4 CPE variants)

php/php 4.1.0

php/php 4.1.1

... and 20 more

Published Oct 10, 2006

Tracked Since Feb 18, 2026