CVE-2011-4153

Exploit

EPSS 5.6%
Veröffentlicht 18.01.2012 20:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php ≫ Php Version5.3.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.6%	0.9

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

http://secunia.com/advisories/48668

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html

http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html

Exploit

http://cxsecurity.com/research/103

Exploit

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html

http://marc.info/?l=bugtraq&m=134012830914727&w=2

http://www.exploit-db.com/exploits/18370/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2011-4153

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4153

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4153

EUVD