Lucene search
Ubuntu.comUB:CVE-2011-0421HistoryMar 19, 2011 - 12:00 a.m.
CVE-2011-0421
2011-03-1900:00:00
ubuntu.com
ubuntu.com
13
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
0.03
Percentile
91.0%
The _zip_name_locate function in zip_name_locate.c in the Zip extension in
PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause a denial
of service (NULL pointer dereference) via an empty ZIP archive that is
processed with a (1) locateName or (2) statName operation.
Bugs
Notes
| Author | Note |
|---|---|
| sbeattie | php 5.1 in dapper did not include the zip library |
Related
nessus
nessus
SuSE 11.1 Security Update : libzip1 (SAT Patch Number 4191)
2011-05-09 00:00:00
Mandriva Linux Security Advisory : libzip (MDVSA-2011:099)
2011-05-25 00:00:00
openSUSE Security Update : libzip-devel (openSUSE-SU-2011:0449-1)
2014-06-13 00:00:00
exploitpack
exploitpack
PHP 5.3.5 libzip 0.9.3 - _zip_name_locate Null Pointer Dereference
2011-03-18 00:00:00
openvas
openvas
Mandriva Update for libzip MDVSA-2011:099 (libzip)
2011-06-03 00:00:00
Mandriva Update for libzip MDVSA-2011:099 (libzip)
2011-06-03 00:00:00
FreeBSD Ports: php5-zip
2011-05-12 00:00:00
cve
cve
CVE-2011-0421
2011-03-20 02:00:03
seebug
seebug
libzip 0.9.3 _zip_name_locateη©ΊζιεΌη¨(incl PHP 5.3.5)
2011-03-22 00:00:00
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
2014-07-01 00:00:00
debiancve
debiancve
CVE-2011-0421
2011-03-20 02:00:03
cvelist
cvelist
CVE-2011-0421
2011-03-20 01:00:00
freebsd
freebsd
php -- ZipArchive segfault with FL_UNCHANGED on empty archive
2011-03-20 00:00:00
packetstorm
packetstorm
libzip 0.9.3 NULL Pointer Dereference
2011-03-18 00:00:00
prion
prion
Null pointer dereference
2011-03-20 02:00:00
securityvulns
securityvulns
libzip library / PHP DoS
2011-03-21 00:00:00
PHP multiple security vulnerabilities
2011-05-01 00:00:00
nvd
nvd
CVE-2011-0421
2011-03-20 02:00:03
exploitdb
exploitdb
PHP 5.3.5 libzip 0.9.3 - _zip_name_locate Null Pointer Dereference
2011-03-18 00:00:00
slackware
slackware
[slackware-security] libpng
2011-07-29 23:18:23
fedora
fedora
[SECURITY] Fedora 14 Update: php-5.3.6-1.fc14
2011-04-06 22:33:56
[SECURITY] Fedora 13 Update: php-5.3.6-1.fc13
2011-04-06 22:34:24
[SECURITY] Fedora 14 Update: php-eaccelerator-0.9.6.1-6.fc14
2011-04-06 22:33:56
debian
debian
[SECURITY] [DSA 2262-2] php5 update
2011-07-01 20:00:32
[SECURITY] [DSA 2266-1] php5 security update
2011-06-29 18:42:45
osv
osv
php5 - several
2011-06-29 00:00:00
ubuntu
ubuntu
PHP Regressions
2011-05-05 00:00:00
PHP vulnerabilities
2011-04-29 00:00:00
f5
f5
Multiple PHP vulnerabilities
2012-04-05 02:07:00
SOL13518 - Multiple PHP vulnerabilities
2012-04-04 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
0.03
Percentile
91.0%
Related for UB:CVE-2011-0421