CVE-2006-3017
CVE-2006-3017
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-Uhttp://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.htmlhttp://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=loghttp://rhn.redhat.com/errata/RHSA-2006-0549.htmlhttp://secunia.com/advisories/19927http://secunia.com/advisories/21031http://secunia.com/advisories/21050http://secunia.com/advisories/21125http://secunia.com/advisories/21135http://secunia.com/advisories/21202http://secunia.com/advisories/21252