CVE-2011-3182

2011-08-2500:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.3%

JSON

PHP before 5.3.7 does not properly check the return values of the malloc,
calloc, and realloc library functions, which allows context-dependent
attackers to cause a denial of service (NULL pointer dereference and
application crash) or trigger a buffer overflow by leveraging the ability
to provide an arbitrary value for a function argument, related to (1)
ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3)
ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5)
ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7)
ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9)
ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the
strtotime function.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.18UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.10UNKNOWN
ubuntu10.10noarchphp5< 5.3.3-1ubuntu9.6UNKNOWN
ubuntu11.04noarchphp5< 5.3.5-1ubuntu7.3UNKNOWN
ubuntu11.10noarchphp5< 5.3.6-13ubuntu3.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	php5	< 5.2.4-2ubuntu5.18	UNKNOWN
ubuntu	10.04	noarch	php5	< 5.3.2-1ubuntu4.10	UNKNOWN
ubuntu	10.10	noarch	php5	< 5.3.3-1ubuntu9.6	UNKNOWN
ubuntu	11.04	noarch	php5	< 5.3.5-1ubuntu7.3	UNKNOWN
ubuntu	11.10	noarch	php5	< 5.3.6-13ubuntu3.2	UNKNOWN