Published: 18/01/2012 Updated: 18/01/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.3.8

Synopsis Moderate: php security update Type/Severity Security Advisory: Moderate Topic Updated php packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability Scori ...

Synopsis Moderate: php security update Type/Severity Security Advisory: Moderate Topic Updated php packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability Scori ...

Synopsis Moderate: php53 security update Type/Severity Security Advisory: Moderate Topic Updated php53 packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability S ...

Several vulnerabilities have been discovered in PHP, the web scripting language The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service CVE-2011-4153 Maksymilian Arciemowicz discovered ...

Multiple vulnerabilities in PHP ...

USN 1358-1 introduced a regression in PHP ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ PHP 538 Multiple vulnerabilities ] Author: Maksymilian Arciemowicz Website: cxsecuritycom/ Date: 14012012 CVE: CVE-2011-4153 (zend_strndup) Original link: cxsecuritycom/research/103 [--- 1 Multiple NULL Pointer Dereference with zend_strndup() [CVE-2011-4153] ---] As we can s ...

PHP version 538 suffers from multiple NULL pointer dereference vulnerabilities ...

CWE-20 http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://www.exploit-db.com/exploits/18370/http://cxsecurity.com/research/103 http://secunia.com/advisories/48668 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://marc.info/?l=bugtraq&m=134012830914727&w=2 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2012:1046 https://usn.ubuntu.com/1358-1/https://www.exploit-db.com/exploits/18370/https://www.debian.org/security/./dsa-2408

CVE-2011-4153

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect