Lucene search

[email protected]NVD:CVE-2011-0421

HistoryMar 20, 2011 - 2:00 a.m.

CVE-2011-0421

2011-03-2002:00:03

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

9.2

Confidence

High

EPSS

0.03

Percentile

91.0%

JSON

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

Affected configurations

Nvd

Node

phpphpRange≤5.3.5

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.4windows

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.7

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

phpphpMatch5.2.14

phpphpMatch5.2.15

phpphpMatch5.2.16

phpphpMatch5.2.17

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

phpphpMatch5.3.3

phpphpMatch5.3.4

References

bugs.php.net/bug.php?id=53885

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

marc.info/?l=bugtraq&m=133469208622507&w=2

secunia.com/advisories/43621

securityreason.com/achievement_securityalert/96

securityreason.com/securityalert/8146

support.apple.com/kb/HT5002

svn.php.net/viewvc/?view=revision&revision=307867

www.debian.org/security/2011/dsa-2266

www.exploit-db.com/exploits/17004

www.mandriva.com/security/advisories?name=MDVSA-2011:052

www.mandriva.com/security/advisories?name=MDVSA-2011:053

www.mandriva.com/security/advisories?name=MDVSA-2011:099

www.php.net/archive/2011.php

www.php.net/ChangeLog-5.php

www.php.net/releases/5_3_6.php

www.securityfocus.com/archive/1/517065/100/0/threaded

www.securityfocus.com/bid/46354

www.vupen.com/english/advisories/2011/0744

www.vupen.com/english/advisories/2011/0764

www.vupen.com/english/advisories/2011/0890

bugzilla.redhat.com/show_bug.cgi?id=688735

exchange.xforce.ibmcloud.com/vulnerabilities/66173

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

9.2

Confidence

High

EPSS

0.03

Percentile

91.0%

JSON

Related for NVD:CVE-2011-0421

nessus25 openvas35 exploitpack1 cve1 seebug2 debiancve1 securityvulns7 prion1 packetstorm1 freebsd1 ubuntucve1 cvelist1 exploitdb1 slackware1 fedora9 debian2 osv1 ubuntu2 f52 gentoo1