CVE

CVE-2011-1657
Date: (C)2011-08-25   (M)2024-04-19


The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/519385/100/0/threaded
BID-49252
SREASON-8342
APPLE-SA-2012-02-01-1
MDVSA-2011:165
http://www.openwall.com/lists/oss-security/2011/07/01/8
http://www.openwall.com/lists/oss-security/2011/07/01/7
http://www.openwall.com/lists/oss-security/2011/07/01/6
http://support.apple.com/kb/HT5130
http://svn.php.net/viewvc/?view=revision&revision=310814
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log
https://bugs.php.net/bug.php?id=54681
php-ziparchiveaddglob-dos(69320)

CPE    1
cpe:/a:php:php:5.3.6
CWE    1
CWE-399
OVAL    5
oval:org.secpod.oval:def:301125
oval:org.secpod.oval:def:600730
oval:org.secpod.oval:def:1300027
oval:org.secpod.oval:def:3923
...

© SecPod Technologies