VYPR
Unrated severityNVD Advisory· Published Jan 6, 2006· Updated Jun 16, 2026

CVE-2006-0097

CVE-2006-0097

Description

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • PHP/PHP5 versions
    cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
    • (no CPE)range: 4.3.10 and 4.4.x < 4.4.3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.