Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-0421
HistoryMar 19, 2011 - 12:00 a.m.

CVE-2011-0421

2011-03-1900:00:00
ubuntu.com
ubuntu.com
8

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.8%

The _zip_name_locate function in zip_name_locate.c in the Zip extension in
PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause a denial
of service (NULL pointer dereference) via an empty ZIP archive that is
processed with a (1) locateName or (2) statName operation.

Bugs

Notes

Author Note
sbeattie php 5.1 in dapper did not include the zip library
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.15UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.9UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.8UNKNOWN
ubuntu10.10noarchphp5< 5.3.3-1ubuntu9.4UNKNOWN
ubuntu11.04noarchphp5< 5.3.5-1ubuntu7.1UNKNOWN

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.8%