
RHSA-2004:395

RHSA-2004:395 PUBLISHED CVSS 9.3 CRITICAL

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Risk Scores

CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor | Product | Versions
Red Hat | Red Hat Linux Advanced Workstation 2.1 |
Red Hat | Red Hat Enterprise Linux WS version 2.1 |
Red Hat | Red Hat Enterprise Linux ES version 2.1 |
Red Hat | Red Hat Enterprise Linux AS (Advanced Server) version 2.1 |

Timeline

  • Jul 19, 2004 CVE Published
  • Nov 21, 2025 CVE Updated
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory