Unrated severity · NVD Advisory · Published Oct 10, 2006 · Updated Apr 23, 2026
CVE-2006-4812
Description
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
Affected products
38 entries:
- cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
References
26 entries:
- rhn.redhat.com/errata/RHSA-2006-0708.html (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/22280 (nvd: Patch, Vendor Advisory)
- securitytracker.com/id (nvd: Patch)
- www.hardened-php.net/files/CVE-2006-4812.patch (nvd: Patch)
- www.hardened-php.net/advisory_092006.133.html (nvd: Vendor Advisory)
- cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c (nvd)
- lists.suse.com/archive/suse-security-announce/2006-Oct/0002.html (nvd)
- rhn.redhat.com/errata/RHSA-2006-0688.html (nvd)
- secunia.com/advisories/22281 (nvd)
- secunia.com/advisories/22300 (nvd)
- secunia.com/advisories/22331 (nvd)
- secunia.com/advisories/22338 (nvd)
- secunia.com/advisories/22533 (nvd)
- secunia.com/advisories/22538 (nvd)
- secunia.com/advisories/22650 (nvd)
- securityreason.com/securityalert/1691 (nvd)
- support.avaya.com/elmodocs2/security/ASA-2006-223.htm (nvd)
- support.avaya.com/elmodocs2/security/ASA-2006-234.htm (nvd)
- www.gentoo.org/security/en/glsa/glsa-200610-14.xml (nvd)
- www.securityfocus.com/archive/1/448014/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/448953/100/0/threaded (nvd)
- www.securityfocus.com/bid/20349 (nvd)
- www.trustix.org/errata/2006/0055 (nvd)
- www.ubuntu.com/usn/usn-362-1 (nvd)
- www.vupen.com/english/advisories/2006/3922 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/29362 (nvd)