FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php-imap -- Denial of Service

Affected packages
php5-imap < 5.3.4
php52-imap < 5.2.15

Details

VuXML ID 1a0704e7-0edf-11e0-becc-0022156e8794
Discovery 2010-12-13
Entry 2011-01-13

The following DoS condition in IMAP extension was fixed in PHP 5.3.4 and PHP 5.2.15:

A remote user can send specially crafted IMAP user name or password data to trigger a double free memory error in 'ext/imap/php_imap.c' and cause the target service to crash.

It may be possible to execute arbitrary code. However, code execution was not confirmed.

References

CVE Name CVE-2010-4150
URL http://www.php.net/releases/5_2_15.php
URL http://www.php.net/releases/5_3_4.php