CVE-2004-0594
Summary
| CVE | CVE-2004-0594 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-07-27 04:00:00 UTC |
| Updated | 2018-10-30 16:25:00 UTC |
| Description | The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Avaya | Converged Communications Server | 2.0 | All | All | All |
| Hardware | Avaya | Converged Communications Server | 2.0 | All | All | All |
| Application | Avaya | Integrated Management | All | All | All | All |
| Application | Avaya | Integrated Management | All | All | All | All |
| Hardware | Avaya | S8300 | r2.0.0 | All | All | All |
| Hardware | Avaya | S8300 | r2.0.1 | All | All | All |
| Hardware | Avaya | S8300 | r2.0.0 | All | All | All |
| Hardware | Avaya | S8300 | r2.0.1 | All | All | All |
| Hardware | Avaya | S8500 | r2.0.0 | All | All | All |
| Hardware | Avaya | S8500 | r2.0.1 | All | All | All |
| Hardware | Avaya | S8500 | r2.0.0 | All | All | All |
| Hardware | Avaya | S8500 | r2.0.1 | All | All | All |
| Hardware | Avaya | S8700 | r2.0.0 | All | All | All |
| Hardware | Avaya | S8700 | r2.0.1 | All | All | All |
| Hardware | Avaya | S8700 | r2.0.0 | All | All | All |
| Hardware | Avaya | S8700 | r2.0.1 | All | All | All |
| Application | Php | Php | 3.0 | All | All | All |
| Application | Php | Php | 3.0.1 | All | All | All |
| Application | Php | Php | 3.0.10 | All | All | All |
| Application | Php | Php | 3.0.11 | All | All | All |
| Application | Php | Php | 3.0.12 | All | All | All |
| Application | Php | Php | 3.0.13 | All | All | All |
| Application | Php | Php | 3.0.14 | All | All | All |
| Application | Php | Php | 3.0.15 | All | All | All |
| Application | Php | Php | 3.0.16 | All | All | All |
| Application | Php | Php | 3.0.17 | All | All | All |
| Application | Php | Php | 3.0.18 | All | All | All |
| Application | Php | Php | 3.0.2 | All | All | All |
| Application | Php | Php | 3.0.3 | All | All | All |
| Application | Php | Php | 3.0.4 | All | All | All |
| Application | Php | Php | 3.0.5 | All | All | All |
| Application | Php | Php | 3.0.6 | All | All | All |
| Application | Php | Php | 3.0.7 | All | All | All |
| Application | Php | Php | 3.0.8 | All | All | All |
| Application | Php | Php | 3.0.9 | All | All | All |
| Application | Php | Php | 4.0 | All | All | All |
| Application | Php | Php | 4.0.1 | All | All | All |
| Application | Php | Php | 4.0.1 | patch1 | All | All |
| Application | Php | Php | 4.0.1 | patch2 | All | All |
| Application | Php | Php | 4.0.2 | All | All | All |
| Application | Php | Php | 4.0.3 | All | All | All |
| Application | Php | Php | 4.0.3 | patch1 | All | All |
| Application | Php | Php | 4.0.4 | All | All | All |
| Application | Php | Php | 4.0.5 | All | All | All |
| Application | Php | Php | 4.0.6 | All | All | All |
| Application | Php | Php | 4.0.7 | All | All | All |
| Application | Php | Php | 4.0.7 | rc1 | All | All |
| Application | Php | Php | 4.0.7 | rc2 | All | All |
| Application | Php | Php | 4.0.7 | rc3 | All | All |
| Application | Php | Php | 4.1.0 | All | All | All |
| Application | Php | Php | 4.1.1 | All | All | All |
| Application | Php | Php | 4.1.2 | All | All | All |
| Application | Php | Php | 4.2 | All | dev | All |
| Application | Php | Php | 4.2.0 | All | All | All |
| Application | Php | Php | 4.2.1 | All | All | All |
| Application | Php | Php | 4.2.2 | All | All | All |
| Application | Php | Php | 4.2.3 | All | All | All |
| Application | Php | Php | 4.3.0 | All | All | All |
| Application | Php | Php | 4.3.1 | All | All | All |
| Application | Php | Php | 4.3.2 | All | All | All |
| Application | Php | Php | 4.3.3 | All | All | All |
| Application | Php | Php | 4.3.5 | All | All | All |
| Application | Php | Php | 4.3.6 | All | All | All |
| Application | Php | Php | 4.3.7 | All | All | All |
| Application | Php | Php | 5.0 | rc1 | All | All |
| Application | Php | Php | 5.0 | rc2 | All | All |
| Application | Php | Php | 5.0 | rc3 | All | All |
| Application | Php | Php | 3.0 | All | All | All |
| Application | Php | Php | 3.0.1 | All | All | All |
| Application | Php | Php | 3.0.10 | All | All | All |
| Application | Php | Php | 3.0.11 | All | All | All |
| Application | Php | Php | 3.0.12 | All | All | All |
| Application | Php | Php | 3.0.13 | All | All | All |
| Application | Php | Php | 3.0.14 | All | All | All |
| Application | Php | Php | 3.0.15 | All | All | All |
| Application | Php | Php | 3.0.16 | All | All | All |
| Application | Php | Php | 3.0.17 | All | All | All |
| Application | Php | Php | 3.0.18 | All | All | All |
| Application | Php | Php | 3.0.2 | All | All | All |
| Application | Php | Php | 3.0.3 | All | All | All |
| Application | Php | Php | 3.0.4 | All | All | All |
| Application | Php | Php | 3.0.5 | All | All | All |
| Application | Php | Php | 3.0.6 | All | All | All |
| Application | Php | Php | 3.0.7 | All | All | All |
| Application | Php | Php | 3.0.8 | All | All | All |
| Application | Php | Php | 3.0.9 | All | All | All |
| Application | Php | Php | 4.0 | All | All | All |
| Application | Php | Php | 4.0.1 | All | All | All |
| Application | Php | Php | 4.0.1 | patch1 | All | All |
| Application | Php | Php | 4.0.1 | patch2 | All | All |
| Application | Php | Php | 4.0.2 | All | All | All |
| Application | Php | Php | 4.0.3 | All | All | All |
| Application | Php | Php | 4.0.3 | patch1 | All | All |
| Application | Php | Php | 4.0.4 | All | All | All |
| Application | Php | Php | 4.0.5 | All | All | All |
| Application | Php | Php | 4.0.6 | All | All | All |
| Application | Php | Php | 4.0.7 | All | All | All |
| Application | Php | Php | 4.0.7 | rc1 | All | All |
| Application | Php | Php | 4.0.7 | rc2 | All | All |
| Application | Php | Php | 4.0.7 | rc3 | All | All |
| Application | Php | Php | 4.1.0 | All | All | All |
| Application | Php | Php | 4.1.1 | All | All | All |
| Application | Php | Php | 4.1.2 | All | All | All |
| Application | Php | Php | 4.2 | All | dev | All |
| Application | Php | Php | 4.2.0 | All | All | All |
| Application | Php | Php | 4.2.1 | All | All | All |
| Application | Php | Php | 4.2.2 | All | All | All |
| Application | Php | Php | 4.2.3 | All | All | All |
| Application | Php | Php | 4.3.0 | All | All | All |
| Application | Php | Php | 4.3.1 | All | All | All |
| Application | Php | Php | 4.3.2 | All | All | All |
| Application | Php | Php | 4.3.3 | All | All | All |
| Application | Php | Php | 4.3.5 | All | All | All |
| Application | Php | Php | 4.3.6 | All | All | All |
| Application | Php | Php | 4.3.7 | All | All | All |
| Application | Php | Php | 5.0 | rc1 | All | All |
| Application | Php | Php | 5.0 | rc2 | All | All |
| Application | Php | Php | 5.0 | rc3 | All | All |
| Operating System | Redhat | Fedora Core | core_1.0 | All | All | All |
| Operating System | Redhat | Fedora Core | core_2.0 | All | All | All |
| Operating System | Redhat | Fedora Core | core_1.0 | All | All | All |
| Operating System | Redhat | Fedora Core | core_2.0 | All | All | All |
| Operating System | Trustix | Secure Linux | 1.5 | All | All | All |
| Operating System | Trustix | Secure Linux | 2.0 | All | All | All |
| Operating System | Trustix | Secure Linux | 2.1 | All | All | All |
| Operating System | Trustix | Secure Linux | 1.5 | All | All | All |
| Operating System | Trustix | Secure Linux | 2.0 | All | All | All |
| Operating System | Trustix | Secure Linux | 2.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| Debian -- Security Information -- DSA-531-1 php4 | DEBIAN | www.debian.org | |
| redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| 'Advisory 11/2004: PHP memory_limit remote vulnerability' - MARC | BUGTRAQ | marc.info | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Security Announcement | SUSE | www.novell.com | |
| [Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability | FULLDISC | lists.grok.org.uk | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| '[security bulletin] SSRT4777 HP-UX Apache, PHP remote code execution, Denial of Service' - MARC | HP | marc.info | |
| Home - Conectiva | CONECTIVA | distro.conectiva.com.br | |
| 'TSSA-2004-013 - php' - MARC | BUGTRAQ | marc.info | |
| rhn.redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| Debian -- Security Information -- DSA-669-1 php3 | DEBIAN | www.debian.org | |
| 2004-0039 | TRUSTIX | www.trustix.org | |
| redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| PHP memory_limit Remote Code Execution Vulnerability | BID | www.securityfocus.com | |
| MandrakeSecure: MandrakeSoft Security Advisory MDKSA-2004:068 : php | MANDRAKE | www.mandrakesecure.net | |
| '[OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)' - MARC | BUGTRAQ | marc.info | |
| Gentoo Linux Documentation -- PHP: Multiple security vulnerabilities | GENTOO | www.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.