CVE-2009-4418 - Numeric Errors vulnerability in PHP
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
Statements
contributor | Tomas Hoger |
lastmodified | 2010-01-04 |
organization | Red Hat |
statement | Red Hat does not consider this to be a security flaw. For further details, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4418 |