Lucene search

K

[email protected]CVE-2011-0421

HistoryMar 20, 2011 - 2:00 a.m.

CVE-2011-0421

2011-03-2002:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

76

cve-2011-0421

zip extension

php

denial of service

null pointer dereference

nvd

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.8%

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

CPENameOperatorVersion
php:phpphpeq4.3.9
php:phpphpeq4.4.9
php:phpphpeq3.0
php:phpphpeq5.2.9
php:phpphpeq4.0
php:phpphpeq3.0.5
php:phpphpeq3.0.11
php:phpphpeq5.2.4
php:phpphpeq5.1.5
php:phpphpeq5.1.2

Rows per page:

1-10 of 971

References

bugs.php.net/bug.php?id=53885

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

marc.info/?l=bugtraq&m=133469208622507&w=2

secunia.com/advisories/43621

securityreason.com/achievement_securityalert/96

securityreason.com/securityalert/8146

support.apple.com/kb/HT5002

svn.php.net/viewvc/?view=revision&revision=307867

www.debian.org/security/2011/dsa-2266

www.exploit-db.com/exploits/17004

www.mandriva.com/security/advisories?name=MDVSA-2011:052

www.mandriva.com/security/advisories?name=MDVSA-2011:053

www.mandriva.com/security/advisories?name=MDVSA-2011:099

www.php.net/archive/2011.php

www.php.net/ChangeLog-5.php

www.php.net/releases/5_3_6.php

www.securityfocus.com/archive/1/517065/100/0/threaded

www.securityfocus.com/bid/46354

www.vupen.com/english/advisories/2011/0744

www.vupen.com/english/advisories/2011/0764

www.vupen.com/english/advisories/2011/0890

bugzilla.redhat.com/show_bug.cgi?id=688735

exchange.xforce.ibmcloud.com/vulnerabilities/66173

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.8%

Related for CVE-2011-0421

nessus25 exploitpack1 openvas35 seebug2 debiancve1 ubuntucve1 securityvulns7 prion1 packetstorm1 freebsd1 exploitdb1 slackware1 fedora9 debian2 osv1 ubuntu2 f52 gentoo1