Description

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

Remediation

References

CVE-2006-1990

Related Vulnerabilities

WordPress Plugin Participants Database Multiple Vulnerabilities (1.7.5.3)

Jenkins Improper Authentication Vulnerability (CVE-2014-2066)

WeBid Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000882)

MyBB Other Vulnerability (CVE-2007-0622)

WordPress Plugin Coming Soon & Maintenance Mode Page PHP Object Injection (1.42)

Severity

Medium

Classification

CVE-2006-1990

Tags

Missing Update Known Vulnerabilities