PHP "Intl"扩展"NumberFormatter::setSymbol()"函数拒绝服务漏洞

BUGTRAQ ID: 46968 CVE ID: CVE-2011-1467 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP "Intl"扩展"NumberFormatter::setSymbol"函数在实现上存在拒绝服务漏洞，远程攻击者可利用此漏洞造成应用程序崩溃，拒绝服务和任意代码执行。 MandrakeSoft Corporate Server 4.0 x8664 MandrakeSoft Corporate Server 4.0 PHP PHP 5.x 厂商补丁： PHP ---...

Design/Logic Flaw

Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...

CVE-2011-1467

Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...

CVE-2011-1467

CVE-2011-1467: Unspecified vulnerability in PHP's Intl extension, NumberFormatter::setSymbol (numfmt_set_symbol), allows a context-dependent attacker to cause a denial of service (application crash) via an invalid argument in PHP prior to 5.3.6. The issue is related to CVE-2010-4409. Remediation ...

CVE-2011-1467

Unspecified vulnerability in the NumberFormatter::setSymbol aka numfmtsetsymbol function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash via an invalid argument, a related issue to CVE-2010-4409...

PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Denial of Service

source: https://www.securityfocus.com/bid/46968/info PHP is prone to a remote denial-of-service vulnerability that affects the 'Intl' extension. Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code-executio...