CVE-2010-1866

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.

Published: May 8, 2010
Updated: May 9, 2024
CVE: CVE-2010-1866
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-190
CWE-189

Affected Software
References

Software	From	Fixed in
php / php	5.3.0	5.3.2.x
opensuse / opensuse	11.1	11.1.x
opensuse / opensuse	11.2	11.2.x
opensuse / opensuse	11.3	11.3.x
suse / linux_enterprise	11.0-sp1	11.0-sp1.x
suse / linux_enterprise	11.0	11.0.x
suse / linux_enterprise	10.0-sp3	10.0-sp3.x

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html

Vulnerability Database

289,689

CVE-2010-1866