Lucene search

K

[email protected]NVD:CVE-2011-4153

HistoryJan 18, 2012 - 8:55 p.m.

CVE-2011-4153

2012-01-1820:55:02

CWE-20

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

Affected configurations

NVD

Node

phpphpMatch5.3.8

References

archives.neohapsis.com/archives/bugtraq/2012-01/0092.html

cxsecurity.com/research/103

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html

lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html

marc.info/?l=bugtraq&m=134012830914727&w=2

secunia.com/advisories/48668

www.exploit-db.com/exploits/18370/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

Related for NVD:CVE-2011-4153

packetstorm1 securityvulns2 prion2 seebug4 veracode7 cvelist2 ubuntucve2 cve2 exploitpack1 nvd1 openvas28 exploitdb1 nessus21 suse5 oraclelinux3 centos3 redhat3 ubuntu2 debian1 osv1