CVE-2009-4418 - Numeric Errors vulnerability in PHP

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
CWE-189

Summary

The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.

Vulnerable Configurations

| Part | Description | Count |
|---|---|---|
| Application | Php | 401 |

Common Weakness Enumeration (CWE)

Statements

contributor: Tomas Hoger
lastmodified: 2010-01-04
organization: Red Hat
statement: Red Hat does not consider this to be a security flaw. For further details, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4418