CVE-2010-1866

Name	CVE-2010-1866
Description	The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
php5 (PTS)	jessie, jessie (lts)	5.6.40+dfsg-0+deb8u18	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
php5	source	lenny	(not affected)
php5	source	(unstable)	5.3.3-1	low

[lenny] - php5 <not-affected> (dechunk filter introduced in 5.3)