Lucene search
RootSSV:20382HistoryMar 22, 2011 - 12:00 a.m.
libzip 0.9.3 _zip_name_locate空指针引用(incl PHP 5.3.5)
2011-03-2200:00:00
Root
www.seebug.org
60
0.03 Low
EPSS
Percentile
89.9%
CVE ID: CVE-2011-0421
libzip是读取、创建和修改zip文档的库。
libzip 0.9.3 _zip_name_locate在实现上存在空指针引用漏洞,远程攻击者可利用此漏洞进行拒绝服务。
设置ZIP_FL_UNCHANGED标签后,libzip可使远程和本地攻击者进行拒绝服务攻击。对于空zip文件和ZIP_FL_UNCHANGED旗标,libzip会发生崩溃。目前对于PHP,安全影响只是远程拒绝服务。
PHP PHP 5.3.5
libzip libzip 0.9.3
厂商补丁:
libzip
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本
Related
nessus
nessus
Mandriva Linux Security Advisory : libzip (MDVSA-2011:099)
2011-05-25 00:00:00
SuSE 11.1 Security Update : libzip1 (SAT Patch Number 4191)
2011-05-09 00:00:00
openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)
2014-06-13 00:00:00
exploitpack
exploitpack
PHP 5.3.5 libzip 0.9.3 - _zip_name_locate Null Pointer Dereference
2011-03-18 00:00:00
openvas
openvas
Mandriva Update for libzip MDVSA-2011:099 (libzip)
2011-06-03 00:00:00
Mandriva Update for libzip MDVSA-2011:099 (libzip)
2011-06-03 00:00:00
FreeBSD Ports: php5-zip
2011-05-12 00:00:00
cve
cve
CVE-2011-0421
2011-03-20 02:00:00
securityvulns
securityvulns
libzip library / PHP DoS
2011-03-21 00:00:00
PHP multiple security vulnerabilities
2011-05-01 00:00:00
prion
prion
Null pointer dereference
2011-03-20 02:00:00
packetstorm
packetstorm
libzip 0.9.3 NULL Pointer Dereference
2011-03-18 00:00:00
freebsd
freebsd
php -- ZipArchive segfault with FL_UNCHANGED on empty archive
2011-03-20 00:00:00
seebug
seebug
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
2014-07-01 00:00:00
debiancve
debiancve
CVE-2011-0421
2011-03-20 02:00:00
ubuntucve
ubuntucve
CVE-2011-0421
2011-03-19 00:00:00
exploitdb
exploitdb
PHP 5.3.5 libzip 0.9.3 - _zip_name_locate Null Pointer Dereference
2011-03-18 00:00:00
slackware
slackware
[slackware-security] libpng
2011-07-29 23:18:23
fedora
fedora
[SECURITY] Fedora 13 Update: php-5.3.6-1.fc13
2011-04-06 22:34:24
[SECURITY] Fedora 14 Update: php-5.3.6-1.fc14
2011-04-06 22:33:56
[SECURITY] Fedora 14 Update: php-eaccelerator-0.9.6.1-6.fc14
2011-04-06 22:33:56
debian
debian
[SECURITY] [DSA 2262-2] php5 update
2011-07-01 20:00:32
[SECURITY] [DSA 2266-1] php5 security update
2011-06-29 18:42:45
osv
osv
php5 - several
2011-06-29 00:00:00
ubuntu
ubuntu
PHP Regressions
2011-05-05 00:00:00
PHP vulnerabilities
2011-04-29 00:00:00
f5
f5
Multiple PHP vulnerabilities
2012-04-05 02:07:00
SOL13518 - Multiple PHP vulnerabilities
2012-04-04 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00