PRIOn knowledge basePRION:CVE-2009-1272

HistoryApr 08, 2009 - 6:30 p.m.

Input validation

2009-04-0818:30:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.016 Low

EPSS

Percentile

86.9%

JSON

The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.

CPENameOperatorVersion
phpeq5.2.4 windows
phpeq5.2.7
phpeq5.2.2
phpeq5.2.5
phpeq5.2.6
phpeq5.2.3
phpeq5.2.0
phpeq5.2.4
phpeq5.2.1
phpeq5.2.8

Name	Operator	Version
php	eq	5.2.4 windows
php	eq	5.2.7
php	eq	5.2.2
php	eq	5.2.5
php	eq	5.2.6
php	eq	5.2.3
php	eq	5.2.0
php	eq	5.2.4
php	eq	5.2.1
php	eq	5.2.8

References

cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.48&r2=1.1.2.49

lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

secunia.com/advisories/35685

secunia.com/advisories/36701

support.apple.com/kb/HT3865

www.openwall.com/lists/oss-security/2009/04/01/9

www.openwall.com/lists/oss-security/2009/04/09/1

www.php.net/releases/5_2_9.php

marc.info/?l=bugtraq&m=125017764422557&w=2

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.016 Low

EPSS

Percentile

86.9%

JSON

Related for PRION:CVE-2009-1272