CVE-2006-4020

First published: Tue Aug 08 2006(Updated: )

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
PHP PHP	=4.3.9
PHP PHP	=4.0-beta1
PHP PHP	=5.1.2
PHP PHP	=4.0-beta4
PHP PHP	=4.2.0
PHP PHP	=5.1.1
PHP PHP	=5.0.0-beta1
PHP PHP	=4.1.0
PHP PHP	=4.3.4
PHP PHP	=4.0.4
PHP PHP	=4.3.0
PHP PHP	=4.0.5
PHP PHP	=5.0-rc1
PHP PHP	=5.0.5
PHP PHP	=4.3.6
PHP PHP	=5.0.1
PHP PHP	=5.1.4
PHP PHP	=4.0.7-rc2
PHP PHP	=4.3.7
PHP PHP	=5.0.4
PHP PHP	=4.0.7-rc1
PHP PHP	=4.2.2
PHP PHP	=4.4.2
PHP PHP	=4.0-rc1
PHP PHP	=4.3.2
PHP PHP	=4.3.11
PHP PHP	=4.0.0
PHP PHP	=4.0.3-patch1
PHP PHP	=4.0.7
PHP PHP	=4.0.2
PHP PHP	=4.3.3
PHP PHP	=5.0-rc3
PHP PHP	=4.1.1
PHP PHP	=4.4.3
PHP PHP	=5.0.0-rc2
PHP PHP	=5.0.3
PHP PHP	=4.2.3
PHP PHP	=5.1.0
PHP PHP	=4.0.1-patch1
PHP PHP	=5.0.0-rc3
PHP PHP	=4.0
PHP PHP	=4.0-beta2
PHP PHP	=4.0.1-patch2
PHP PHP	=4.0.6
PHP PHP	=5.0-rc2
PHP PHP	=4.1.2
PHP PHP	=5.0.0-beta3
PHP PHP	=4.0.7-rc3
PHP PHP	=4.0-rc2
PHP PHP	=4.3.1
PHP PHP	=4.0-beta_4_patch1
PHP PHP	=4.4.0
PHP PHP	=4.3.10
PHP PHP	=4.2.1
PHP PHP	=5.0.0-rc1
PHP PHP	=4.0.4-patch1
PHP PHP	=4.0.1
PHP PHP	=5.0.2
PHP PHP	=4.2
PHP PHP	=4.4.1
PHP PHP	=4.0-beta3
PHP PHP	=4.0.3
PHP PHP	=5.0.0-beta4
PHP PHP	=5.0.0
PHP PHP	=4.3.8
PHP PHP	=4.3.5
PHP PHP	=5.0.0-beta2

Remedy

http://bugs.php.net/bug.php?id=38322

Remedy

http://www.securityfocus.com/archive/1/442438/30/0/threaded

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
agent/remedy
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/weakness
agent/severity
agent/author
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/php
canonical/php php
version/php php/4.3.9
version/php php/4.0-beta1
version/php php/5.1.2
version/php php/4.0-beta4
version/php php/4.2.0
version/php php/5.1.1
version/php php/5.0.0-beta1
version/php php/4.1.0
version/php php/4.3.4
version/php php/4.0.4
version/php php/4.3.0
version/php php/4.0.5
version/php php/5.0-rc1
version/php php/5.0.5
version/php php/4.3.6
version/php php/5.0.1
version/php php/5.1.4
version/php php/4.0.7-rc2
version/php php/4.3.7
version/php php/5.0.4
version/php php/4.0.7-rc1
version/php php/4.2.2
version/php php/4.4.2
version/php php/4.0-rc1
version/php php/4.3.2
version/php php/4.3.11
version/php php/4.0.0
version/php php/4.0.3-patch1
version/php php/4.0.7
version/php php/4.0.2
version/php php/4.3.3
version/php php/5.0-rc3
version/php php/4.1.1
version/php php/4.4.3
version/php php/5.0.0-rc2
version/php php/5.0.3
version/php php/4.2.3
version/php php/5.1.0
version/php php/4.0.1-patch1
version/php php/5.0.0-rc3
version/php php/4.0
version/php php/4.0-beta2
version/php php/4.0.1-patch2
version/php php/4.0.6
version/php php/5.0-rc2
version/php php/4.1.2
version/php php/5.0.0-beta3
version/php php/4.0.7-rc3
version/php php/4.0-rc2
version/php php/4.3.1
version/php php/4.0-beta_4_patch1
version/php php/4.4.0
version/php php/4.3.10
version/php php/4.2.1
version/php php/5.0.0-rc1
version/php php/4.0.4-patch1
version/php php/4.0.1
version/php php/5.0.2
version/php php/4.2
version/php php/4.4.1
version/php php/4.0-beta3
version/php php/4.0.3
version/php php/5.0.0-beta4
version/php php/5.0.0
version/php php/4.3.8
version/php php/4.3.5
version/php php/5.0.0-beta2

CVE-2006-4020

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact