The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openpkg | Openpkg | 2.0 (including) | 2.0 (including) |
Openpkg | Openpkg | 2.1 (including) | 2.1 (including) |
Converged_communications_server | Avaya | 2.0 (including) | 2.0 (including) |
Debian_linux | Debian | 3.0 (including) | 3.0 (including) |
Hp-ux | Hp | b.11.00 (including) | b.11.00 (including) |
Hp-ux | Hp | b.11.11 (including) | b.11.11 (including) |
Hp-ux | Hp | b.11.22 (including) | b.11.22 (including) |
Hp-ux | Hp | b.11.23 (including) | b.11.23 (including) |
Secure_linux | Trustix | 1.5 (including) | 1.5 (including) |
Secure_linux | Trustix | 2.0 (including) | 2.0 (including) |
Secure_linux | Trustix | 2.1 (including) | 2.1 (including) |
Red Hat Enterprise Linux 3 | RedHat | php-0:4.3.2-11.1.ent | * |
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
Red Hat Stronghold 4 | RedHat | * | |
Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) | RedHat | * | |