PT-2006-3922 · Php+1 · Php+1

Stefan Esser

Published

2006-06-14

Updated

2018-10-30

CVE-2006-3017

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PHP versions prior to 4.4.3 PHP versions 5.x prior to 5.1.3

Description The issue is related to the zend hash del key or index function in zend hash.c, which can cause zend hash del to delete the wrong element. This prevents a variable from being unset even when the PHP unset function is called, potentially allowing the variable's value to be used in security-relevant operations.

Recommendations For PHP versions prior to 4.4.3, update to version 4.4.3 or later to resolve the issue. For PHP versions 5.x prior to 5.1.3, update to version 5.1.3 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3017

DSA-1206-1

RHSA-2006:0568

RHSA-2006_0568

Affected Products

Php

Red Hat

PT-2006-3922 · Php+1 · Php+1

CVE-2006-3017

Related Identifiers

Affected Products

References · 50