Vulnerability Description
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | <= 4.4.2 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
- http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
- http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1
- http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log
- http://rhn.redhat.com/errata/RHSA-2006-0549.html
- http://secunia.com/advisories/19927Vendor Advisory
- http://secunia.com/advisories/21031Vendor Advisory
- http://secunia.com/advisories/21050Vendor Advisory
- http://secunia.com/advisories/21125Vendor Advisory
- http://secunia.com/advisories/21135Vendor Advisory
- http://secunia.com/advisories/21202Vendor Advisory
- http://secunia.com/advisories/21252Vendor Advisory
- http://secunia.com/advisories/21723Vendor Advisory
- http://secunia.com/advisories/22225Vendor Advisory
- http://secunia.com/advisories/22713Vendor Advisory
FAQ
What is CVE-2006-3017?
CVE-2006-3017 is a vulnerability with a CVSS score of 9.3 (HIGH). zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP uns...
How severe is CVE-2006-3017?
CVE-2006-3017 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3017?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.