CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

Percentile: 92.2%

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to
cause a denial of service (NULL pointer dereference and application crash)
via crafted input to an application that attempts to perform Tidy::diagnose
operations on invalid objects, a different vulnerability than
CVE-2011-4153.
Author | Note |
---|---|
sbeattie | upstream added a fix for this, but reverted it as it added a regression, and asserts it should be fixed in libtidy |
mdeslaur | upstream finally fixed it in r323118 |