CVE-2006-4020

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/442438/30/0/threaded", "name": "20060804 php local buffer underflow could lead to arbitary code execution", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.plain-text.info/sscanf_bug.txt", "name": "http://www.plain-text.info/sscanf_bug.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://bugs.php.net/bug.php?id=38322", "name": "http://bugs.php.net/bug.php?id=38322", "tags": ["Exploit", "Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/19415", "name": "19415", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/21403", "name": "21403", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html", "name": "SUSE-SR:2006:019", "tags": [], "refsource": "SUSE"}, {"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html", "name": "SUSE-SR:2006:020", "tags": [], "refsource": "SUSE"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:144", "name": "MDKSA-2006:144", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/21608", "name": "21608", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.php.net/ChangeLog-5.php#5.1.5", "name": "http://www.php.net/ChangeLog-5.php#5.1.5", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.php.net/release_5_1_5.php", "name": "http://www.php.net/release_5_1_5.php", "tags": [], "refsource": "CONFIRM"}, {"url": "http://security.gentoo.org/glsa/glsa-200608-28.xml", "name": "GLSA-200608-28", "tags": [], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/21546", "name": "21546", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21683", "name": "21683", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html", "name": "SUSE-SR:2006:022", "tags": [], "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/usn-342-1", "name": "USN-342-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/21768", "name": "21768", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0669.html", "name": "RHSA-2006:0669", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0682.html", "name": "RHSA-2006:0682", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.novell.com/linux/security/advisories/2006_52_php.html", "name": "SUSE-SA:2006:052", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/22004", "name": "22004", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22069", "name": "22069", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1016984", "name": "1016984", "tags": [], "refsource": "SECTRACK"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/22440", "name": "22440", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2006-0688.html", "name": "RHSA-2006:0688", "tags": [], "refsource": "REDHAT"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", "name": "20061001-01-P", "tags": [], "refsource": "SGI"}, {"url": "http://secunia.com/advisories/22538", "name": "22538", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22487", "name": "22487", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21847", "name": "21847", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22039", "name": "22039", "tags": [], "refsource": "SECUNIA"}, {"url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html", "name": "RHSA-2006:0736", "tags": [], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/23247", "name": "23247", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21467", "name": "21467", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/1341", "name": "1341", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/3193", "name": "ADV-2006-3193", "tags": [], "refsource": "VUPEN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11062", "name": "oval:org.mitre.oval:def:11062", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4020", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-08-08T20:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}