SUSE CVE-2011-1471

Integer signedness error in zipstream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service CPU consumption via a malformed archive file that triggers errors in zipfread function calls...

PHP 5.x<5.3.6 'Zip'扩展'zip_fread()'函数拒绝服务漏洞

No description provided by source...

PHP &quot;Zip&quot;扩展&quot;zip_fread()&quot;函数拒绝服务漏洞

BUGTRAQ ID: 46975 CVE ID: CVE-2011-1471 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP "Zip"扩展"zipfread"函数在实现上存在拒绝服务漏洞，远程攻击者可利用此漏洞造成应用程序崩溃，拒绝服务和任意代码执行。 MandrakeSoft Corporate Server 4.0 x8664 MandrakeSoft Corporate Server 4.0 PHP PHP 5.x 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2011-1471

CVE-2011-1471 : Integer signedness error in zip_stream.c of PHP’s Zip extension (pre-5.3.6) allows context-dependent attackers to cause a denial of service via malformed ZIP archives that trigger errors in zip_fread. Affected product/version: PHP before 5.3.6 (Zip extension). Impact: CPU consumpt...