Published: 25/08/2011 Updated: 29/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

PHP prior to 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent malicious users to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 4.3.3
php php 4.3.6
php php 4.4.6
php php 4.4.7
php php 4.3.9
php php 5.2.8
php php 4.4.0
php php 5.0.4
php php 5.2.9
php php 5.0.0
php php 5.1.6
php php 5.2.0
php php 2.0b10
php php 2.0
php php 3.0.11
php php 3.0.10
php php 3.0.3
php php 3.0.15
php php 3.0.7
php php 3.0.8
php php 4.0
php php 4.0.6
php php 5.2.14
php php 4.0.7
php php 4.3.10
php php 4.3.5
php php 4.2.1
php php 5.2.6
php php 4.4.1
php php 5.0.3
php php 5.1.3
php php 5.0.2
php php 5.1.4
php php 5.1.5
php php 4.4.8
php php 4.4.9
php php 3.0.13
php php 3.0.12
php php 3.0.14
php php 3.0.17
php php 3.0.5
php php 3.0.6
php php 4.0.5
php php 4.0.4
php php 4.3.11
php php 4.3.4
php php 4.2.2
php php 4.4.5
php php 5.2.5
php php 4.3.8
php php 4.4.4
php php 5.0.5
php php 5.1.0
php php 5.2.12
php php 5.2.13
php php 5.2.2
php php 1.0
php php 4.3.0
php php 5.3.0
php php 3.0.18
php php 3.0.4
php php 3.0.9
php php 4.1.1
php php 4.1.0
php php 5.3.5
php php
php php 4.3.1
php php 4.3.2
php php 4.2.0
php php 4.2.3
php php 4.3.7
php php 5.2.11
php php 4.4.2
php php 4.4.3
php php 5.1.2
php php 5.1.1
php php 5.3.1
php php 5.3.2
php php 5.0.1
php php 5.2.3
php php 5.2.1
php php 5.2.10
php php 5.2.4
php php 3.0.1
php php 3.0
php php 3.0.2
php php 3.0.16
php php 4.0.1
php php 4.0.0
php php 4.0.3
php php 4.0.2
php php 4.1.2
php php 5.3.3
php php 5.3.4

Several security issues were fixed in PHP ...

Several vulnerabilities have been discovered in PHP, the web scripting language The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service CVE-2011-4153 Maksymilian Arciemowicz discovered ...

PHP before 537 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related ...

source: wwwsecurityfocuscom/bid/49249/info PHP is prone to multiple denial-of-service vulnerabilities caused by a NULL-pointer dereference An attacker can exploit these issues to cause an application written in PHP to crash, denying service to legitimate users PHP 537 is vulnerable; other versions may also be affected 127# ulimit ...

NVD-CWE-Other http://www.openwall.com/lists/oss-security/2011/08/22/9 http://securityreason.com/achievement_securityalert/101 http://www.securityfocus.com/bid/49249 http://marc.info/?l=full-disclosure&m=131373057621672&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://support.apple.com/kb/HT5130 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html https://exchange.xforce.ibmcloud.com/vulnerabilities/69430 https://nvd.nist.gov https://usn.ubuntu.com/1231-1/https://www.exploit-db.com/exploits/36070/

CVE-2011-3182

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect