CVE-2010-1866

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.

Published : 2010-05-07 23:00 Updated : 2010-09-30 06:00

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Php Php 5.3.2 cpe:/a:php:php:5.3.2
Php Php 5.3.1 cpe:/a:php:php:5.3.1
Php Php 5.3.0 cpe:/a:php:php:5.3.0
  1. Php (1) Search CVE
    1. Php (3) Search CVE
      1. 5.3.2
      2. 5.3.1
      3. 5.3.0

CWE

ID Name Description Links
CWE-189 Numeric Errors Weaknesses in this category are related to improper calculation or conversion of numbers. CVE

History of changes

Date Event
2010-05-07 23:00

New CVE