ID CVE-2006-1991
Summary The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:P
refmap via4
gentoo GLSA-200605-08
mandrake MDKSA-2006:091
misc http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-04-02
sectrack 1015979
secunia
  • 20052
  • 20269
  • 20676
  • 21125
suse SUSE-SA:2006:031
ubuntu USN-320-1
vupen ADV-2006-1500
xf php-substrcompare-length-dos(26003)
Last major update 20-07-2017 - 01:31
Published 24-04-2006 - 23:02
Back to Top