CVE-2004-1019
NONE EPSS 94.1%
Published Jan 10, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
Threat Intelligence
EPSS Exploit Probability
94.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-20 Improper Input Validation
Affected Products 65
| Vendor | Product | Version | Range |
|---|---|---|---|
| openpkg | openpkg | 2.1 | any |
| openpkg | openpkg | 2.2 | any |
| openpkg | openpkg | current | any |
| php | php | 3.0 | any |
| php | php | 3.0.1 | any |
| php | php | 3.0.2 | any |
| php | php | 3.0.3 | any |
| php | php | 3.0.4 | any |
| php | php | 3.0.5 | any |
| php | php | 3.0.6 | any |
| php | php | 3.0.7 | any |
| php | php | 3.0.8 | any |
| php | php | 3.0.9 | any |
| php | php | 3.0.10 | any |
| php | php | 3.0.11 | any |
| php | php | 3.0.12 | any |
| php | php | 3.0.13 | any |
| php | php | 3.0.14 | any |
| php | php | 3.0.15 | any |
| php | php | 3.0.16 | any |
| php | php | 3.0.17 | any |
| php | php | 3.0.18 | any |
| php | php | 4.0 | any |
| php | php | 4.0.1 | any |
| php | php | 4.0.1 | any |
| php | php | 4.0.1 | any |
| php | php | 4.0.2 | any |
| php | php | 4.0.3 | any |
| php | php | 4.0.3 | any |
| php | php | 4.0.4 | any |
| php | php | 4.0.5 | any |
| php | php | 4.0.6 | any |
| php | php | 4.0.7 | any |
| php | php | 4.0.7 | any |
| php | php | 4.0.7 | any |
| php | php | 4.0.7 | any |
| php | php | 4.1.0 | any |
| php | php | 4.1.1 | any |
| php | php | 4.1.2 | any |
| php | php | 4.2 | any |
| php | php | 4.2.0 | any |
| php | php | 4.2.1 | any |
| php | php | 4.2.2 | any |
| php | php | 4.2.3 | any |
| php | php | 4.3.0 | any |
| php | php | 4.3.1 | any |
| php | php | 4.3.2 | any |
| php | php | 4.3.3 | any |
| php | php | 4.3.4 | any |
| php | php | 4.3.5 | any |
| php | php | 4.3.6 | any |
| php | php | 4.3.7 | any |
| php | php | 4.3.8 | any |
| php | php | 4.3.9 | any |
| php | php | 5.0 | any |
| php | php | 5.0 | any |
| php | php | 5.0 | any |
| php | php | 5.0.0 | any |
| php | php | 5.0.1 | any |
| php | php | 5.0.2 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.1 | any |
| trustix | secure_linux | 2.2 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
References 16
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
- marc.info http://marc.info/?l=bugtraq&m=110314318531298&w=2
- msgs.securepoint.com http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
- hardened-php.net http://www.hardened-php.net/advisories/012004.txt
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
- novell.com http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html
- oracle.com http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- php.net http://www.php.net/release_4_3_10.php
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-687.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-032.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-816.html
- securityfocus.com http://www.securityfocus.com/advisories/9028
- bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2344
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18514
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511
Remediation
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-687.html