CVE-2004-0594

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Published: Jul 27, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0594
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-367

Affected Software
References

Software	From	Fixed in
trustix / secure_linux	2.0	2.0.x
avaya / converged_communications_server	2.0	2.0.x
trustix / secure_linux	1.5	1.5.x
trustix / secure_linux	2.1	2.1.x
openpkg / openpkg	2.0	2.0.x
hp / hp-ux	b.11.23	b.11.23.x
openpkg / openpkg	2.1	2.1.x
hp / hp-ux	b.11.11	b.11.11.x
hp / hp-ux	b.11.00	b.11.00.x
debian / debian_linux	3.0	3.0.x
hp / hp-ux	b.11.22	b.11.22.x
php / php	5.0.0-beta1	5.0.0-beta1.x
php / php	5.0.0-rc2	5.0.0-rc2.x
php / php	5.0.0-beta3	5.0.0-beta3.x
php / php	5.0.0-rc1	5.0.0-rc1.x
php / php	5.0.0-beta4	5.0.0-beta4.x
php / php	5.0.0-beta2	5.0.0-beta2.x
php / php	4.0	4.3.7

Vulnerability Database

289,599

CVE-2004-0594