CVE-2010-1866

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*

History

08 Feb 2024, 18:38

Type Values Removed Values Added
CWE CWE-189 CWE-190
References () http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html - () http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html - Mailing List
References () http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html - Exploit () http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html - Broken Link, Exploit
First Time Suse linux Enterprise
Suse
Opensuse opensuse
Opensuse
CVSS v2 : 7.5
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*

Information

Published : 2010-05-07 23:00

Updated : 2024-02-08 18:38


NVD link : CVE-2010-1866

Mitre link : CVE-2010-1866

CVE.ORG link : CVE-2010-1866


JSON object : View

Products Affected

suse

  • linux_enterprise

php

  • php

opensuse

  • opensuse
CWE
CWE-190

Integer Overflow or Wraparound