Veracode Vulnerability DatabaseVERACODE:23308Denial Of Service (DoS)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
php is vulnerable to denial of service (DoS). The vulnerability exists as it was discovered that the PHP fnmatch() function did not restrict the length of the string argument. An attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted input data.
References
lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
osvdb.org/38686
secunia.com/advisories/27102
secunia.com/advisories/28658
secunia.com/advisories/30828
secunia.com/advisories/31119
secunia.com/advisories/31200
securityreason.com/securityalert/3109
www.gentoo.org/security/en/glsa/glsa-200710-02.xml
www.mandriva.com/security/advisories?name=MDVSA-2009:022
www.mandriva.com/security/advisories?name=MDVSA-2009:023
www.redhat.com/docs/en-US/Red_Hat_Application_Stack/2.1/html-single/Release_Notes/
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2008-0505.html
www.redhat.com/support/errata/RHSA-2008-0544.html
www.redhat.com/support/errata/RHSA-2008-0545.html
www.redhat.com/support/errata/RHSA-2008-0582.html
www.securityfocus.com/archive/1/478626/100/0/threaded
www.securityfocus.com/archive/1/478630/100/0/threaded
www.securityfocus.com/archive/1/478726/100/0/threaded
www.ubuntu.com/usn/usn-628-1
access.redhat.com/errata/RHSA-2008:0505
exchange.xforce.ibmcloud.com/vulnerabilities/36457
exchange.xforce.ibmcloud.com/vulnerabilities/36461
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10897
www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P