CVE-2006-3017

NameCVE-2006-3017
Descriptionzend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1206-1
NVD severityhigh (attack range: remote)
Debian Bugs381998

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)wheezy5.4.45-0+deb7u2fixed
wheezy (security)5.4.45-0+deb7u3fixed
jessie5.6.20+dfsg-0+deb8u1fixed
jessie (security)5.6.22+dfsg-0+deb8u1fixed
stretch5.6.22+dfsg-2fixed
sid5.6.23+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php4source(unstable)4:4.4.4-1medium381998
php4sourcesarge4:4.3.10-18highDSA-1206-1
php5source(unstable)5.1.4-0.1medium

Search for package or bug name: Reporting problems