CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 88.4%
Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities:
A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)
A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)
A code execution vulnerability exists in ZipArchive::addGlob(). (CVE-2011-1657)
crypt_blowfish was updated to 1.2. (CVE-2011-2483)
Multiple null pointer dereferences exist.
An unspecified crash exists in error_log().
A buffer overflow vulnerability exists in crypt().
Binary data 801087.prm
.php.net/releases/5.3.7.php
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268
bugs.php.net/bug.php?id=54238
bugs.php.net/bug.php?id=54681
bugs.php.net/bug.php?id=54939
securityreason.com/achievement_securityalert/101
securityreason.com/exploitalert/10738