Lucene search

[email protected]CVE-2011-0420

HistoryFeb 19, 2011 - 1:00 a.m.

CVE-2011-0420

2011-02-1901:00:02

[email protected]

web.nvd.nist.gov

cve-2011-0420

grapheme_extract

internationalization extension

icu

php 5.3.5

denial of service

crash

null pointer dereference

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.5

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

Affected configurations

NVD

Node

phpphpMatch5.3.5

VendorProductVersionCPE
phpphp5.3.5cpe:/a:php:php:5.3.5:::

Vendor	Product	Version	CPE
php	php	5.3.5	cpe:/a:php:php:5.3.5:::

References

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

securityreason.com/achievement_securityalert/94

securityreason.com/securityalert/8087

support.apple.com/kb/HT5002

svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449

www.debian.org/security/2011/dsa-2266

www.exploit-db.com/exploits/16182

www.kb.cert.org/vuls/id/210829

www.securityfocus.com/archive/1/516504/100/0/threaded

www.securityfocus.com/archive/1/516518/100/0/threaded

www.securityfocus.com/bid/46429

exchange.xforce.ibmcloud.com/vulnerabilities/65437

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.5

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

Related for CVE-2011-0420

securityvulns7 cvelist1 packetstorm1 prion1 exploitpack1 ubuntucve1 openvas12 nvd1 exploitdb1 debian2 nessus7 osv1 ubuntu2 gentoo1