CVE-2010-1866

CRITICAL

Php < 5.3.2 - Integer Overflow

Title source: rule

Description

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stefan Esser · phpremotephp

https://www.exploit-db.com/exploits/33920

View Code ZIP pw:eip

References (2)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

[Broken Link, Exploit] http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html

Scores

CVSS v3 9.8

EPSS 0.0156

EPSS Percentile 81.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (6)

opensuse/opensuse 11.1

opensuse/opensuse 11.2

opensuse/opensuse 11.3

php/php 5.3.0 - 5.3.2

suse/linux_enterprise 10.0 sp3

suse/linux_enterprise 11.0 (2 CPE variants)

Published May 07, 2010

Tracked Since Feb 18, 2026