Description
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2006-0274 Vulnerability (CVE-2006-0274)
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-21720)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-40597)
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26272)