Lucene search

K

MitreCVELIST:CVE-2011-4153

HistoryJan 18, 2012 - 8:00 p.m.

CVE-2011-4153

2012-01-1820:00:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

References

archives.neohapsis.com/archives/bugtraq/2012-01/0092.html

cxsecurity.com/research/103

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html

lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html

marc.info/?l=bugtraq&m=134012830914727&w=2

secunia.com/advisories/48668

www.exploit-db.com/exploits/18370/

6.3 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

Related for CVELIST:CVE-2011-4153

packetstorm1 securityvulns2 prion2 seebug4 veracode7 cve2 ubuntucve2 exploitpack1 nvd2 cvelist1 openvas28 exploitdb1 nessus21 suse5 oraclelinux3 centos3 redhat3 ubuntu2 debian1 osv1