Vulnerabilities > CVE-2009-4418 - Numeric Errors vulnerability in PHP
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Statements
| contributor | Tomas Hoger |
| lastmodified | 2010-01-04 |
| organization | Red Hat |
| statement | Red Hat does not consider this to be a security flaw. For further details, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4418 |