Lucene search
HistoryMar 20, 2011 - 2:00 a.m.
CVE-2011-1467
cve-2011-1467
vulnerability
numberformatter::setsymbol
php
denial of service
nvd
cve-2010-4409
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
8.6 High
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.0%
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
Affected configurations
Node
phpphpRange≤5.3.5
ORphpphpMatch1.0
ORphpphpMatch2.0
ORphpphpMatch2.0b10
ORphpphpMatch3.0
ORphpphpMatch3.0.1
ORphpphpMatch3.0.2
ORphpphpMatch3.0.3
ORphpphpMatch3.0.4
ORphpphpMatch3.0.5
ORphpphpMatch3.0.6
ORphpphpMatch3.0.7
ORphpphpMatch3.0.8
ORphpphpMatch3.0.9
ORphpphpMatch3.0.10
ORphpphpMatch3.0.11
ORphpphpMatch3.0.12
ORphpphpMatch3.0.13
ORphpphpMatch3.0.14
ORphpphpMatch3.0.15
ORphpphpMatch3.0.16
ORphpphpMatch3.0.17
ORphpphpMatch3.0.18
ORphpphpMatch4.0
ORphpphpMatch4.0beta_4_patch1
ORphpphpMatch4.0beta1
ORphpphpMatch4.0beta2
ORphpphpMatch4.0beta3
ORphpphpMatch4.0beta4
ORphpphpMatch4.0.0
ORphpphpMatch4.0.1
ORphpphpMatch4.0.2
ORphpphpMatch4.0.3
ORphpphpMatch4.0.4
ORphpphpMatch4.0.5
ORphpphpMatch4.0.6
ORphpphpMatch4.0.7
ORphpphpMatch4.1.0
ORphpphpMatch4.1.1
ORphpphpMatch4.1.2
ORphpphpMatch4.2.0
ORphpphpMatch4.2.1
ORphpphpMatch4.2.2
ORphpphpMatch4.2.3
ORphpphpMatch4.3.0
ORphpphpMatch4.3.1
ORphpphpMatch4.3.2
ORphpphpMatch4.3.3
ORphpphpMatch4.3.4
ORphpphpMatch4.3.5
ORphpphpMatch4.3.6
ORphpphpMatch4.3.7
ORphpphpMatch4.3.8
ORphpphpMatch4.3.9
ORphpphpMatch4.3.10
ORphpphpMatch4.3.11
ORphpphpMatch4.4.0
ORphpphpMatch4.4.1
ORphpphpMatch4.4.2
ORphpphpMatch4.4.3
ORphpphpMatch4.4.4
ORphpphpMatch4.4.5
ORphpphpMatch4.4.6
ORphpphpMatch4.4.7
ORphpphpMatch4.4.8
ORphpphpMatch4.4.9
ORphpphpMatch5.0.0
ORphpphpMatch5.0.0beta1
ORphpphpMatch5.0.0beta2
ORphpphpMatch5.0.0beta3
ORphpphpMatch5.0.0beta4
ORphpphpMatch5.0.0rc1
ORphpphpMatch5.0.0rc2
ORphpphpMatch5.0.0rc3
ORphpphpMatch5.0.1
ORphpphpMatch5.0.2
ORphpphpMatch5.0.3
ORphpphpMatch5.0.4
ORphpphpMatch5.0.5
ORphpphpMatch5.1.0
ORphpphpMatch5.1.1
ORphpphpMatch5.1.2
ORphpphpMatch5.1.3
ORphpphpMatch5.1.4
ORphpphpMatch5.1.5
ORphpphpMatch5.1.6
ORphpphpMatch5.2.0
ORphpphpMatch5.2.1
ORphpphpMatch5.2.2
ORphpphpMatch5.2.3
ORphpphpMatch5.2.4
ORphpphpMatch5.2.4windows
ORphpphpMatch5.2.5
ORphpphpMatch5.2.6
ORphpphpMatch5.2.7
ORphpphpMatch5.2.8
ORphpphpMatch5.2.9
ORphpphpMatch5.2.10
ORphpphpMatch5.2.11
ORphpphpMatch5.2.12
ORphpphpMatch5.2.13
ORphpphpMatch5.2.14
ORphpphpMatch5.2.15
ORphpphpMatch5.2.16
ORphpphpMatch5.2.17
ORphpphpMatch5.3.0
ORphpphpMatch5.3.1
ORphpphpMatch5.3.2
ORphpphpMatch5.3.3
ORphpphpMatch5.3.4
References
bugs.php.net/bug.php?id=53512
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
support.apple.com/kb/HT5002
www.mandriva.com/security/advisories?name=MDVSA-2011:052
www.mandriva.com/security/advisories?name=MDVSA-2011:053
www.php.net/ChangeLog-5.php
www.securityfocus.com/bid/46968
www.vupen.com/english/advisories/2011/0744
Related
cvelist
cvelist
CVE-2011-1467
2011-03-20 01:00:00
CVE-2010-4409
2010-12-06 20:00:00
prion
prion
Design/Logic Flaw
2011-03-20 02:00:00
Integer overflow
2010-12-06 20:13:00
nvd
nvd
CVE-2011-1467
2011-03-20 02:00:04
CVE-2010-4409
2010-12-06 20:13:00
ubuntucve
ubuntucve
CVE-2011-1467
2011-03-19 00:00:00
CVE-2010-4409
2010-12-06 00:00:00
seebug
seebug
PHP "Intl"扩展"NumberFormatter::setSymbol()"函数拒绝服务漏洞
2011-03-27 00:00:00
PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
2014-07-01 00:00:00
securityvulns
securityvulns
PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
2010-12-12 00:00:00
PHP integer overflow
2010-12-12 00:00:00
PHP multiple security vulnerabilities
2011-05-01 00:00:00
exploitpack
exploitpack
PHP 5.3.3 - NumberFormatter::getSymbol Integer Overflow
2010-12-10 00:00:00
openvas
openvas
Mandriva Update for php-intl MDVSA-2010:255 (php-intl)
2010-12-28 00:00:00
Mandriva Update for php-intl MDVSA-2010:255 (php-intl)
2010-12-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0109-1)
2021-06-09 00:00:00
nessus
nessus
openSUSE Security Update : icu (openSUSE-2012-57)
2014-06-13 00:00:00
SuSE 10 Security Update : icu (ZYPP Patch Number 7928)
2012-01-20 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2011:052)
2011-03-24 00:00:00
cve
cve
CVE-2010-4409
2010-12-06 20:13:00
packetstorm
packetstorm
PHP 5.3.3 Integer Overflow
2010-12-10 00:00:00
exploitdb
exploitdb
PHP 5.3.3 - NumberFormatter::getSymbol Integer Overflow
2010-12-10 00:00:00
debian
debian
[SECURITY] [DSA 2408-1] php5 security update
2012-02-13 18:15:24
osv
osv
php5 - several
2012-02-13 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2011-04-29 00:00:00
PHP Regressions
2011-05-05 00:00:00
PHP vulnerabilities
2011-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: php-5.3.4-1.fc14.1
2011-01-04 20:55:36
[SECURITY] Fedora 13 Update: php-5.3.4-1.fc13.1
2011-01-04 20:53:11
[SECURITY] Fedora 13 Update: maniadrive-1.2-23.fc13
2011-01-04 20:53:11
f5
f5
SOL13518 - Multiple PHP vulnerabilities
2012-04-04 00:00:00
Multiple PHP vulnerabilities
2012-04-05 02:07:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
8.6 High
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.0%
Related for CVE-2011-1467