Resource management error in PHP - CVE-2006-1549
Published: October 18, 2018 / Updated: June 13, 2025
Vulnerability identifier: #VU110486
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2006-1549
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: PHP Group
Affected software:
PHP
PHP
Detailed vulnerability description
The vulnerability allows a local user to perform service disruption.
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. Upgrade to PHP 5.1.3-RC3
How to mitigate CVE-2006-1549
Install update from vendor's website.
Sources
- http://securityreason.com/achievement_securityalert/35
- http://securityreason.com/securityalert/2312
- http://securityreason.com/securityalert/676
- http://securitytracker.com/id?1015880
- http://www.osvdb.org/24485
- http://www.php-security.org/MOPB/MOPB-02-2007.html
- http://www.securityfocus.com/archive/1/430453/100/0/threaded
- http://www.securityfocus.com/archive/1/430598/100/0/threaded
- http://www.securityfocus.com/archive/1/430742/100/0/threaded
- http://www.securityfocus.com/archive/1/431018/100/0/threaded
- http://www.securityfocus.com/bid/22766
- http://www.vupen.com/english/advisories/2006/1290
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25704