CVE-2006-1490

Publication date 29 March 2006

Last updated 4 August 2025

Ubuntu priority

Description

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a “binary safety” issue. NOTE: this issue has been referred to as a “memory leak,” but it is an information leak that discloses memory contents.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
php4	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.10 edgy	Fixed 4.4.2-1.1
	6.06 LTS dapper	Ignored end of life
php5	9.10 karmic	Fixed 5.2.3-1ubuntu5
	9.04 jaunty	Fixed 5.2.3-1ubuntu5
	8.10 intrepid	Fixed 5.2.3-1ubuntu5
	8.04 LTS hardy	Fixed 5.2.3-1ubuntu5
	7.10 gutsy	Fixed 5.2.3-1ubuntu5
	7.04 feisty	Fixed 5.2.1-0ubuntu1.4
	6.10 edgy	Fixed 5.1.6-1ubuntu2.6
	6.06 LTS dapper	Fixed 5.1.2-1ubuntu3.9

CVE-2006-1490

Description

Status

References

Related Ubuntu Security Notices (USN)

Other references