Vulnerability Details CVE-2003-0166
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.364
EPSS Ranking 97.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
- http://marc.info/?l=bugtraq&m=104869828526885&w=2
- http://marc.info/?l=bugtraq&m=104878100719467&w=2
- http://marc.info/?l=bugtraq&m=104931415307111&w=2
- http://www.securityfocus.com/bid/7197
- http://www.securityfocus.com/bid/7198
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
- http://marc.info/?l=bugtraq&m=104869828526885&w=2
- http://marc.info/?l=bugtraq&m=104878100719467&w=2
- http://marc.info/?l=bugtraq&m=104931415307111&w=2
- http://www.securityfocus.com/bid/7197
- http://www.securityfocus.com/bid/7198
Products affected by CVE-2003-0166
-
cpe:2.3:a:php:php:4.0
-
cpe:2.3:a:php:php:4.0.1
-
cpe:2.3:a:php:php:4.0.2
-
cpe:2.3:a:php:php:4.0.3
-
cpe:2.3:a:php:php:4.0.4
-
cpe:2.3:a:php:php:4.0.5
-
cpe:2.3:a:php:php:4.0.6
-
cpe:2.3:a:php:php:4.0.7
-
cpe:2.3:a:php:php:4.1.0
-
cpe:2.3:a:php:php:4.1.1
-
cpe:2.3:a:php:php:4.1.2
-
cpe:2.3:a:php:php:4.2.0
-
cpe:2.3:a:php:php:4.2.1
-
cpe:2.3:a:php:php:4.2.2
-
cpe:2.3:a:php:php:4.2.3
-
cpe:2.3:a:php:php:4.3.0
-
cpe:2.3:a:php:php:4.3.1