CVE-2004-1019

Published: Jan 10, 2005Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

Affected (65)

Products: Openpkg: Openpkg · Php: Php · Trustix: Secure Linux · +1 more

Show all products

Openpkg: Openpkg · Php: Php · Trustix: Secure Linux · Ubuntu: Ubuntu Linux

1 product

1 product

1 product

1 product

Configuration A

60 vulnerable

Vulnerable Software	Affected Versions
Openpkg Openpkg	Version 2.1
Openpkg Openpkg	Version 2.2
Openpkg Openpkg	Version current
Php Php	Version 3.0.10
Php Php	Version 3.0.11
Php Php	Version 3.0.12
Php Php	Version 3.0.13
Php Php	Version 3.0.14
Php Php	Version 3.0.15
Php Php	Version 3.0.16
Php Php	Version 3.0.17
Php Php	Version 3.0.18
Php Php	Version 3.0.1
Php Php	Version 3.0.2
Php Php	Version 3.0.3
Php Php	Version 3.0.4
Php Php	Version 3.0.5
Php Php	Version 3.0.6
Php Php	Version 3.0.7
Php Php	Version 3.0.8
Php Php	Version 3.0.9
Php Php	Version 3.0
Php Php	Version 4.0.1
Php Php	Version 4.0.1 patch1
Php Php	Version 4.0.1 patch2
Php Php	Version 4.0.2
Php Php	Version 4.0.3
Php Php	Version 4.0.3 patch1
Php Php	Version 4.0.4
Php Php	Version 4.0.5
Php Php	Version 4.0.6
Php Php	Version 4.0.7
Php Php	Version 4.0.7 rc1
Php Php	Version 4.0.7 rc2
Php Php	Version 4.0.7 rc3
Php Php	Version 4.0
Php Php	Version 4.1.0
Php Php	Version 4.1.1
Php Php	Version 4.1.2
Php Php	Version 4.2.0
Php Php	Version 4.2.1
Php Php	Version 4.2.2
Php Php	Version 4.2.3
Php Php	Version 4.2
Php Php	Version 4.3.0
Php Php	Version 4.3.1
Php Php	Version 4.3.2
Php Php	Version 4.3.3
Php Php	Version 4.3.4
Php Php	Version 4.3.5
Php Php	Version 4.3.6
Php Php	Version 4.3.7
Php Php	Version 4.3.8
Php Php	Version 4.3.9
Php Php	Version 5.0.0
Php Php	Version 5.0.1
Php Php	Version 5.0.2
Php Php	Version 5.0 rc1
Php Php	Version 5.0 rc2
Php Php	Version 5.0 rc3

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Trustix Secure Linux	Version 2.0
Trustix Secure Linux	Version 2.1
Trustix Secure Linux	Version 2.2
Ubuntu Ubuntu Linux	Version 4.1
Ubuntu Ubuntu Linux	Version 4.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (32)

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110314318531298&w=2

Source: cve@mitre.org

http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html

Source: cve@mitre.org

http://www.hardened-php.net/advisories/012004.txt

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2004:151

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: cve@mitre.org

http://www.php.net/release_4_3_10.php

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-687.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-032.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2005-816.html

Source: cve@mitre.org

http://www.securityfocus.com/advisories/9028

Source: cve@mitre.org

https://bugzilla.fedora.us/show_bug.cgi?id=2344

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/18514

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=110314318531298&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.hardened-php.net/advisories/012004.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2004:151

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.php.net/release_4_3_10.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-687.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-032.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2005-816.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/advisories/9028

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.fedora.us/show_bug.cgi?id=2344

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/18514

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.