CVE-2006-4482 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2006-4482?

CVE-2006-4482 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-4482?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Php	Php	< 5.1.5
Canonical	Ubuntu Linux	5.04
Debian	Debian Linux	3.1

Related Weaknesses (CWE)

CWE-787

References

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.ascBroken Link
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.10&rBroken LinkPatch
http://rhn.redhat.com/errata/RHSA-2006-0688.htmlThird Party Advisory
http://secunia.com/advisories/21546Not ApplicablePatchVendor Advisory
http://secunia.com/advisories/21768Not ApplicableVendor Advisory
http://secunia.com/advisories/22004Not ApplicableVendor Advisory
http://secunia.com/advisories/22039Not Applicable
http://secunia.com/advisories/22069Not ApplicableVendor Advisory
http://secunia.com/advisories/22225Not ApplicableVendor Advisory
http://secunia.com/advisories/22440Not ApplicableVendor Advisory
http://secunia.com/advisories/22487Not Applicable
http://secunia.com/advisories/22538Not Applicable
http://secunia.com/advisories/22713Not Applicable
http://securitytracker.com/id?1016984Broken LinkThird Party AdvisoryVDB Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-221.htmThird Party Advisory

FAQ

What is CVE-2006-4482?

CVE-2006-4482 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vec...

How severe is CVE-2006-4482?

CVE-2006-4482 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-4482?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Canonical Ubuntu Linux, Debian Debian Linux.