CVE-2006-4482
UnknownEPSS 4.49%
Last modified
CVE-2006-4482 is a vulnerability of currently unknown severity. Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.. EPSS estimates a 4.49% chance of exploitation in the next 30 days.
Description
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | < 5.1.5 |
| Canonical | Ubuntu Linux | 5.04 |
| Canonical | Ubuntu Linux | 5.10 |
| Canonical | Ubuntu Linux | 6.06 |
| Debian | Debian Linux | 3.1 |
References
- http://rhn.redhat.com/errata/RHSA-2006-0688.htmlThird Party Advisory
- http://secunia.com/advisories/21546Not Applicable, Patch, Vendor Advisory
- http://secunia.com/advisories/21768Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22004Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22039Not Applicable
- http://secunia.com/advisories/22069Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22225Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22440Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22487Not Applicable
- http://secunia.com/advisories/22538Not Applicable
- http://secunia.com/advisories/22713Not Applicable
- http://securitytracker.com/id?1016984Broken Link, Third Party Advisory, VDB Entry
- http://support.avaya.com/elmodocs2/security/ASA-2006-221.htmThird Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-222.htmThird Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-223.htmThird Party Advisory
- http://www.debian.org/security/2006/dsa-1206Third Party Advisory
- http://www.php.net/ChangeLog-5.php#5.1.5Release Notes, Vendor Advisory
- http://www.php.net/release_5_1_5.phpPatch, Release Notes, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0669.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0682.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/447866/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/19582Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/usn-342-1Third Party Advisory
- http://www.vupen.com/english/advisories/2006/3318Permissions Required
- https://issues.rpath.com/browse/RPL-683Broken Link
- http://rhn.redhat.com/errata/RHSA-2006-0688.htmlThird Party Advisory
- http://secunia.com/advisories/21546Not Applicable, Patch, Vendor Advisory
- http://secunia.com/advisories/21768Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22004Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22039Not Applicable
- http://secunia.com/advisories/22069Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22225Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22440Not Applicable, Vendor Advisory
- http://secunia.com/advisories/22487Not Applicable
- http://secunia.com/advisories/22538Not Applicable
- http://secunia.com/advisories/22713Not Applicable
- http://securitytracker.com/id?1016984Broken Link, Third Party Advisory, VDB Entry
- http://support.avaya.com/elmodocs2/security/ASA-2006-221.htmThird Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-222.htmThird Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-223.htmThird Party Advisory
- http://www.debian.org/security/2006/dsa-1206Third Party Advisory
- http://www.php.net/ChangeLog-5.php#5.1.5Release Notes, Vendor Advisory
- http://www.php.net/release_5_1_5.phpPatch, Release Notes, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0669.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0682.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/447866/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/19582Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/usn-342-1Third Party Advisory
- http://www.vupen.com/english/advisories/2006/3318Permissions Required
- https://issues.rpath.com/browse/RPL-683Broken Link
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-4482?
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
How severe is CVE-2006-4482?
Severity scoring for CVE-2006-4482 is pending analysis. The EPSS model estimates a 4.49% probability of exploitation in the next 30 days.
How do I fix CVE-2006-4482?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2006-4482?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST