← CVECheck
HomeVulnerabilities

CVE-2004-0594 — MEDIUM severity vulnerability (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5)

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor po

CVE IDCVE-2004-0594
SeverityMEDIUM
CVSS score5.1
CVSS vectorAV:N/AC:H/Au:N/C:P/I:P/A:P
CWECWE-367
StatusModified
Published2004-07-27
Last modified2026-04-16
DescriptionThe memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →