logo
DATABASE RESOURCES PRICING ABOUT US

FreeBSD : php -- ZipArchive segfault with FL_UNCHANGED on empty archive (fe853666-56ce-11e0-9668-001fd0d616cf)

Description

US-CERT/NIST reports : The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.


Related