Lucene search

K
freebsdFreeBSDFE853666-56CE-11E0-9668-001FD0D616CF
HistoryMar 20, 2011 - 12:00 a.m.

php -- ZipArchive segfault with FL_UNCHANGED on empty archive

2011-03-2000:00:00
vuxml.freebsd.org
18

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.8%

US-CERT/NIST reports:

The _zip_name_locate function in zip_name_locate.c in the Zip extension
in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause a
denial of service (application crash) via an empty ZIP archive that is
processed with a (1) locateName or (2) statName operation.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphp5-zip< 5.3.6UNKNOWN

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.8%