CVE-2004-1019

NONE EPSS 94.1%
Published Jan 10, 2005 (21y ago) · Modified Jun 16, 2026 (2w ago)

Description

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

Threat Intelligence

EPSS Exploit Probability: 94.1% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 65

Vendor   Product       Version  Range
openpkg  openpkg       2.1      any
openpkg  openpkg       2.2      any
openpkg  openpkg       current  any
php      php           3.0      any
php      php           3.0.1    any
php      php           3.0.2    any
php      php           3.0.3    any
php      php           3.0.4    any
php      php           3.0.5    any
php      php           3.0.6    any
php      php           3.0.7    any
php      php           3.0.8    any
php      php           3.0.9    any
php      php           3.0.10   any
php      php           3.0.11   any
php      php           3.0.12   any
php      php           3.0.13   any
php      php           3.0.14   any
php      php           3.0.15   any
php      php           3.0.16   any
php      php           3.0.17   any
php      php           3.0.18   any
php      php           4.0      any
php      php           4.0.1    any
php      php           4.0.1    any
php      php           4.0.1    any
php      php           4.0.2    any
php      php           4.0.3    any
php      php           4.0.3    any
php      php           4.0.4    any
php      php           4.0.5    any
php      php           4.0.6    any
php      php           4.0.7    any
php      php           4.0.7    any
php      php           4.0.7    any
php      php           4.0.7    any
php      php           4.1.0    any
php      php           4.1.1    any
php      php           4.1.2    any
php      php           4.2      any
php      php           4.2.0    any
php      php           4.2.1    any
php      php           4.2.2    any
php      php           4.2.3    any
php      php           4.3.0    any
php      php           4.3.1    any
php      php           4.3.2    any
php      php           4.3.3    any
php      php           4.3.4    any
php      php           4.3.5    any
php      php           4.3.6    any
php      php           4.3.7    any
php      php           4.3.8    any
php      php           4.3.9    any
php      php           5.0      any
php      php           5.0      any
php      php           5.0      any
php      php           5.0.0    any
php      php           5.0.1    any
php      php           5.0.2    any
trustix  secure_linux  2.0      any
trustix  secure_linux  2.1      any
trustix  secure_linux  2.2      any
ubuntu   ubuntu_linux  4.1      any
ubuntu   ubuntu_linux  4.1      any

References 16

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
  • marc.info http://marc.info/?l=bugtraq&m=110314318531298&w=2
  • msgs.securepoint.com http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
  • hardened-php.net http://www.hardened-php.net/advisories/012004.txt
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
  • novell.com http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html
  • oracle.com http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
  • php.net http://www.php.net/release_4_3_10.php
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-687.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-032.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-816.html
  • securityfocus.com http://www.securityfocus.com/advisories/9028
  • bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2344
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18514
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511

Remediation

  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-687.html
    Patch, Vendor Advisory