CVE-2006-4020

N/A Unknown

Published: August 08, 2006 Modified: April 16, 2026

Description

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

Source: secalert@redhat.com

http://bugs.php.net/bug.php?id=38322

Source: secalert@redhat.com

Exploit Patch

http://rhn.redhat.com/errata/RHSA-2006-0688.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2006-0736.html

Source: secalert@redhat.com

http://secunia.com/advisories/21403

Source: secalert@redhat.com

http://secunia.com/advisories/21467

Source: secalert@redhat.com

http://secunia.com/advisories/21546

Source: secalert@redhat.com

http://secunia.com/advisories/21608

Source: secalert@redhat.com

http://secunia.com/advisories/21683

Source: secalert@redhat.com

http://secunia.com/advisories/21768

Source: secalert@redhat.com

http://secunia.com/advisories/21847

Source: secalert@redhat.com

http://secunia.com/advisories/22004

Source: secalert@redhat.com

http://secunia.com/advisories/22039

Source: secalert@redhat.com

http://secunia.com/advisories/22069

Source: secalert@redhat.com

http://secunia.com/advisories/22440

Source: secalert@redhat.com

http://secunia.com/advisories/22487

Source: secalert@redhat.com

http://secunia.com/advisories/22538

Source: secalert@redhat.com

http://secunia.com/advisories/23247

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-200608-28.xml

Source: secalert@redhat.com

http://securityreason.com/securityalert/1341

Source: secalert@redhat.com

http://securitytracker.com/id?1016984

Source: secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm

Source: secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm

Source: secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:144

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/2006_19_sr.html

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/2006_20_sr.html

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/2006_22_sr.html

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/2006_52_php.html

Source: secalert@redhat.com

http://www.php.net/ChangeLog-5.php#5.1.5

Source: secalert@redhat.com

http://www.php.net/release_5_1_5.php

Source: secalert@redhat.com

http://www.plain-text.info/sscanf_bug.txt

Source: secalert@redhat.com

Exploit URL Repurposed

http://www.redhat.com/support/errata/RHSA-2006-0669.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2006-0682.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/442438/30/0/threaded

Source: secalert@redhat.com

Exploit Patch Vendor Advisory

http://www.securityfocus.com/bid/19415

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-342-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2006/3193

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11062

Source: secalert@redhat.com

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc