CVE-2006-4486 | Vulnerability Database | Aqua Security

Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	5.1.0 (including)	5.1.0 (including)
Php	Php	5.1.1 (including)	5.1.1 (including)
Php	Php	5.1.2 (including)	5.1.2 (including)
Php	Php	5.1.4 (including)	5.1.4 (including)
Php	Php	5.1.5 (including)	5.1.5 (including)

References

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://rhn.redhat.com/errata/RHSA-2006-0688.html
http://secunia.com/advisories/21546
http://secunia.com/advisories/22004
http://secunia.com/advisories/22069
http://secunia.com/advisories/22225
http://secunia.com/advisories/22331
http://secunia.com/advisories/22440
http://secunia.com/advisories/22487
http://secunia.com/advisories/22538
http://secunia.com/advisories/25945
http://securitytracker.com/id?1016984
http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
http://www.debian.org/security/2007/dsa-1331
http://www.hardened-php.net/hphp/changelog.html#hardening_patch_0.4.14
http://www.novell.com/linux/security/advisories/2006_52_php.html
http://www.php.net/ChangeLog-5.php#5.1.6
http://www.php.net/release_5_1_6.php
http://www.redhat.com/support/errata/RHSA-2006-0669.html
http://www.redhat.com/support/errata/RHSA-2006-0682.html
http://www.securityfocus.com/archive/1/447866/100/0/threaded
http://www.securityfocus.com/bid/19582
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.ubuntu.com/usn/usn-362-1
https://issues.rpath.com/browse/RPL-683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11086

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4486
CWE	https://cwe.mitre.org/data/definitions/189.html