CVE-2011-4153

MEDIUM

Description

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

References

http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html

http://cxsecurity.com/research/103

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html

http://marc.info/?l=bugtraq&m=134012830914727&w=2

http://secunia.com/advisories/48668

http://www.exploit-db.com/exploits/18370/

Details

Source: MITRE

Published: 2012-01-18

Updated: 2018-01-18

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM