The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openpkg | Openpkg | 2.0 (including) | 2.0 (including) |
| Openpkg | Openpkg | 2.1 (including) | 2.1 (including) |
| Converged_communications_server | Avaya | 2.0 (including) | 2.0 (including) |
| Debian_linux | Debian | 3.0 (including) | 3.0 (including) |
| Hp-ux | Hp | b.11.00 (including) | b.11.00 (including) |
| Hp-ux | Hp | b.11.11 (including) | b.11.11 (including) |
| Hp-ux | Hp | b.11.22 (including) | b.11.22 (including) |
| Hp-ux | Hp | b.11.23 (including) | b.11.23 (including) |
| Secure_linux | Trustix | 1.5 (including) | 1.5 (including) |
| Secure_linux | Trustix | 2.0 (including) | 2.0 (including) |
| Secure_linux | Trustix | 2.1 (including) | 2.1 (including) |