Lucene search

[email protected]NVD:CVE-2011-1148

HistoryMar 18, 2011 - 3:55 p.m.

CVE-2011-1148

2011-03-1815:55:01

CWE-399

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.016

Percentile

87.4%

JSON

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

Affected configurations

Nvd

Node

phpphpRange≤5.3.6

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

phpphpMatch5.3.3

phpphpMatch5.3.4

phpphpMatch5.3.5

VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
phpphp1.0cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*
phpphp2.0cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*
phpphp2.0b10cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*
phpphp3.0cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
phpphp3.0.1cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*
phpphp3.0.2cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
phpphp3.0.3cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*
phpphp3.0.4cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*
phpphp3.0.5cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	*	cpe:2.3:a:php:php::::::::
php	php	1.0	cpe:2.3:a:php:php:1.0:::::::*
php	php	2.0	cpe:2.3:a:php:php:2.0:::::::*
php	php	2.0b10	cpe:2.3:a:php:php:2.0b10:::::::*
php	php	3.0	cpe:2.3:a:php:php:3.0:::::::*
php	php	3.0.1	cpe:2.3:a:php:php:3.0.1:::::::*
php	php	3.0.2	cpe:2.3:a:php:php:3.0.2:::::::*
php	php	3.0.3	cpe:2.3:a:php:php:3.0.3:::::::*
php	php	3.0.4	cpe:2.3:a:php:php:3.0.4:::::::*
php	php	3.0.5	cpe:2.3:a:php:php:3.0.5:::::::*