Описание
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | 5.1.2-1ubuntu3.18 |
| devel | not-affected | 5.3.3-1ubuntu6 |
| hardy | not-affected | 5.2.4-2ubuntu5.10 |
| jaunty | not-affected | 5.2.6.dfsg.1-3ubuntu4.5 |
| karmic | not-affected | 5.2.10.dfsg.1-2ubuntu6.4 |
| lucid | released | 5.3.2-1ubuntu4.5 |
| upstream | released | 5.3.3 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chu ...
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3