CVE-2011-1092
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.028 Low
EPSS
Percentile
90.4%
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.
References
bugs.php.net/bug.php?id=54193
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
marc.info/?l=bugtraq&m=133469208622507&w=2
securityreason.com/securityalert/8130
support.apple.com/kb/HT5002
svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/shmop/shmop.c?r1=306939&r2=309018&pathrev=309018
www.exploit-db.com/exploits/16966
www.mandriva.com/security/advisories?name=MDVSA-2011:052
www.mandriva.com/security/advisories?name=MDVSA-2011:053
www.openwall.com/lists/oss-security/2011/03/08/11
www.openwall.com/lists/oss-security/2011/03/08/9
www.php.net/archive/2011.php
www.php.net/ChangeLog-5.php
www.php.net/releases/5_3_6.php
www.securityfocus.com/bid/46786
www.vupen.com/english/advisories/2011/0744
bugzilla.redhat.com/show_bug.cgi?id=683183
exchange.xforce.ibmcloud.com/vulnerabilities/65988
Social References
More
Related
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.028 Low
EPSS
Percentile
90.4%