Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2004-1019

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

Related bugs and status

CVE-2004-1019 (Candidate) is related to these bugs:

Bug #11223: php4: 4.3.10 fixes important security holes

Summary				In	Importance	Status
	11223	php4: 4.3.10 fixes important security holes		php4 (Ubuntu)	High	Fix Released
	11223	php4: 4.3.10 fixes important security holes		php4 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.hardened-ph...
CONFIRM: http://www.php.net/rel...
FEDORA: FLSA:2344
HP: HPSBMA01212
REDHAT: RHSA-2004:687
REDHAT: RHSA-2005:032
SUSE: SUSE-SA:2005:002
OPENPKG: OpenPKG-SA-2004.053
REDHAT: RHSA-2005:816
MANDRAKE: MDKSA-2004:151
SUSE: SUSE-SU-2015:0365
SUSE: openSUSE-SU-2015:0325
CONFIRM: http://www.oracle.com/...
BUGTRAQ: 20041215 Advisory 01/2...
XF: php-unserialize-code-e...
OVAL: oval:org.mitre.oval:de...