PT-2006-2975 · Php · Php

Published: 2006-04-24 · Updated: 2024-06-15 · CVE-2006-1991

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 4.3.11 and prior
PHP versions 4.4.2 and prior
PHP versions 5.0.5 and prior
PHP versions 5.1.3 RC1 and prior
PHP version 5.1.2

Description

The issue allows attackers to cause a denial of service or execute arbitrary commands due to errors in several PHP functions. Specifically, the wordwrap() function has a buffer overflow error, the array_fill() function does not handle large num arguments properly, and the substr_compare() function has an input validation error. These errors could be exploited by remote attackers or malicious users.

Recommendations

For every affected release line (PHP versions 4.3.11 and prior, 4.4.2 and prior, 5.0.5 and prior, 5.1.3 RC1 and prior, and PHP version 5.1.2), consider upgrading to a newer version to mitigate the risk.

As a temporary workaround, consider disabling the wordwrap(), array_fill(), and substr_compare() functions until a patch is available. Restrict access to PHP scripts that use the affected functions to minimize the risk of exploitation. Avoid using large num arguments in the array_fill() function until the issue is resolved.

Exploit

Fix

DoS

Related Identifiers

CVE-2006-1991
OPENSUSE-SU-2024:11167-1
OPENSUSE-SU-2024:11169-1

Affected Products

Php