CVE-2004-1018
PUBLISHED
Reported by mitre · Published December 8, 2004
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, *, n/a |
Timeline
- Dec 8, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- RHSA-2005:032 (vendor-advisory, x_refsource_REDHAT)
- oval:org.mitre.oval:def:10949 (vdb-entry, signature, x_refsource_OVAL)
- MDKSA-2005:072 (vendor-advisory, x_refsource_MANDRAKE)
- x_refsource_CONFIRM
- 12411 (vdb-entry, x_refsource_OSVDB)
- RHSA-2005:816 (vendor-advisory, x_refsource_REDHAT)
- MDKSA-2004:151 (vendor-advisory, x_refsource_MANDRAKE)
- x_refsource_MISC
- php-shmopwrite-outofbounds-memory(18515) (vdb-entry, x_refsource_XF)
- FLSA:2344 (vendor-advisory, x_refsource_FEDORA)
- 20041219 PHP shmop.c module permits write of arbitrary memory. (mailing-list, x_refsource_BUGTRAQ)
- HPSBMA01212 (vendor-advisory, x_refsource_HP)
- 12045 (vdb-entry, x_refsource_BID)
- 20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5 (mailing-list, x_refsource_BUGTRAQ)
- USN-99-1 (vendor-advisory, x_refsource_UBUNTU)