CVE-2011-1153

2011-03-16T00:00:00
ID UB:CVE-2011-1153
Type ubuntucve
Reporter ubuntu.com
Modified 2011-03-16T00:00:00

Description

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
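The incorrect call shape described above, next to the corrected one, as an added example (not PHP's code): `throw_exception_ex` is a hypothetical stand-in for a printf-style helper such as `zend_throw_exception_ex`, and the sample input is constructed. The sample uses only `%%`, which consumes no arguments, so the unsafe path stays well defined while still showing that the text is interpreted as a format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style exception helper such as
 * zend_throw_exception_ex: formats fmt plus varargs into a message. */
static const char *throw_exception_ex(const char *fmt, ...)
{
    static char message[128];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(message, sizeof message, fmt, ap);
    va_end(ap);
    return message;
}

/* Incorrect call shape: caller-supplied text becomes the format string,
 * so any '%' directive in it is interpreted by the formatter. */
static const char *report_unsafe(const char *user_text)
{
    return throw_exception_ex(user_text);
}

/* Corrected call shape: constant format, caller text passed as data. */
static const char *report_safe(const char *user_text)
{
    return throw_exception_ex("%s", user_text);
}

/* Constructed sample input; "%%" is a directive that reads no argument. */
static const char SAMPLE[] = "archive 100%% full";

int main(void)
{
    printf("unsafe: %s\n", report_unsafe(SAMPLE));
    printf("safe:   %s\n", report_safe(SAMPLE));
    return 0;
}
```

The unsafe call rewrites the caller's text, while the safe call reproduces it byte for byte; that difference is the check to apply when auditing calls to printf-style helpers.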

Bugs

  • <http://bugs.php.net/bug.php?id=54247>
  • <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1153>

Notes

Author | Note
---|---
mdeslaur | reproducer in RH bug
sbeattie | php 5.2 does not include phar code