VDB
CVE-2004-0594
CVE-2004-0594
PUBLISHED
Reported by mitre · Published July 16, 2004
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, *, n/a |
Timeline
- Jul 16, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- 2004-0039 vendor-advisoryx_refsource_TRUSTIX
- 20040714 Advisory 11/2004: PHP memory_limit remote vulnerability mailing-listx_refsource_FULLDISC
- CLA-2004:847 vendor-advisoryx_refsource_CONECTIVA
- 20040714 TSSA-2004-013 - php mailing-listx_refsource_BUGTRAQ
- DSA-669 vendor-advisoryx_refsource_DEBIAN
- RHSA-2004:395 vendor-advisoryx_refsource_REDHAT
- RHSA-2004:405 vendor-advisoryx_refsource_REDHAT
- oval:org.mitre.oval:def:10896 vdb-entrysignaturex_refsource_OVAL
- RHSA-2004:392 vendor-advisoryx_refsource_REDHAT
- DSA-531 vendor-advisoryx_refsource_DEBIAN
- SUSE-SA:2004:021 vendor-advisoryx_refsource_SUSE
- MDKSA-2004:068 vendor-advisoryx_refsource_MANDRAKE
- RHSA-2005:816 vendor-advisoryx_refsource_REDHAT
- SSRT4777 vendor-advisoryx_refsource_HP
- php-memorylimit-code-execution(16693) vdb-entryx_refsource_XF
- 20040722 [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php) mailing-listx_refsource_BUGTRAQ
- 10725 vdb-entryx_refsource_BID
- 20040713 Advisory 11/2004: PHP memory_limit remote vulnerability mailing-listx_refsource_BUGTRAQ
- GLSA-200407-13 vendor-advisoryx_refsource_GENTOO