CVE-2006-4812

Name of the Vulnerable Software and Affected Versions PHP versions 4 before 4.3.0 PHP versions 5 up to 5.1.6

Description The issue is related to an integer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a large value for the number of array elements to the unserialize PHP function, which triggers the overflow in the Zend Engine ecalloc function.

Recommendations For PHP versions 4 before 4.3.0, update to version 4.3.0 or later to resolve the issue. For PHP versions 5 up to 5.1.6, update to a version later than 5.1.6 to resolve the issue.