CVE-2010-1866

Description

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

openSUSE / opensuse11.3 – 11.3
openSUSE / opensuse11.1 – 11.1
openSUSE / opensuse11.2 – 11.2
php / PHP5.3.0 – 5.3.2
SUSE / linux_enterprise10.0 – 10.0
SUSE / linux_enterprise11.0 – 11.0
SUSE / linux_enterprise11.0 – 11.0

References

MISChttp://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html