CVE-2006-4020
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb · www.exploit-db.com/exploits/2193 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://bugs.php.net/bug.php?id=38322
http://rhn.redhat.com/errata/RHSA-2006-0688.html
http://rhn.redhat.com/errata/RHSA-2006-0736.html
http://secunia.com/advisories/21403
http://secunia.com/advisories/21467
http://secunia.com/advisories/21546
http://secunia.com/advisories/21608
http://secunia.com/advisories/21683
http://secunia.com/advisories/21768
http://secunia.com/advisories/21847
http://secunia.com/advisories/22004