Lucene search

K
cve[email protected]CVE-2011-1471
HistoryMar 20, 2011 - 2:00 a.m.

CVE-2011-1471

2011-03-2002:00:00
CWE-189
web.nvd.nist.gov
59
cve-2011-1471
php
zip extension
denial of service
cpu consumption
zip_fread
nvd

6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.7%

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

CPENameOperatorVersion
php:phpphplt5.2.11
php:phpphplt5.3.6

6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.7%