CVE-2010-4409
published 2010-12-06CVE-2010-4409: Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a…
PriorityP426medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
18.88%
96.9th percentile
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
Affected
98 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.3.5 | — |
| php | php | <= 5.3.3 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_ubuntu6.8MEDIUM
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2011-01-11·CVSS 6.8
CVE-2010-4409 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
It was discovered that an integer overflow in the XML UTF-8 decoding
code could allow an attacker to bypass cross-site scripting (XSS)
protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,
and Ubuntu 9.10. (CVE-2009-5016)
It was discovered that the XML UTF-8 decoding code did not properly
handle non-shortest form UTF-8 encoding and ill-formed subsequences
in UTF-8 data, which could allow an attacker to bypass cross-site
scripting (XSS) protections. (CVE-2010-3870)
It was discovered that attackers might be able to bypass open_basedir()
restrictions by passing a specially crafted filename. (CVE-2010-3436)
Maksymilian Arciemowicz discovered that a NULL pointer derefence in the
ZIP archive handling code could allow an attacker to cause a denial
Red Hat
php: NumberFormatter: set a symbol value crash (DoS) on bogus values
vendor_redhat·2010-12-07·CVSS 5.0
CVE-2011-1467 [MEDIUM] php: NumberFormatter: set a symbol value crash (DoS) on bogus values
php: NumberFormatter: set a symbol value crash (DoS) on bogus values
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
Statement: This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4 and 5. The getSymbol() and setSymbol() functions are unlikely to ever receive untrusted input as an $attr argument, and it is even less likely that they would receive such input when only a small set of pre-defined constants is expected. As a result, this flaw can only be triggered by the script author and cannot be used to cross trust boundaries. T
Red Hat
php: getSymbol() integer overflow vulnerability
vendor_redhat·2010-11-19·CVSS 5.0
CVE-2010-4409 [MEDIUM] CWE-190 php: getSymbol() integer overflow vulnerability
php: getSymbol() integer overflow vulnerability
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
Statement: This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4 and 5. The getSymbol() and setSymbol() functions are unlikely to ever receive untrusted input as an $attr argument, and it is even less likely that they would receive such input when only a small set of pre-defined constants is expected. As a result, this flaw can only be triggered by the script author and cannot be used to cross trust boundaries. The Red Hat Security Response Team does not consider it to be security-relevant.
GHSA
GHSA-hjvh-9wf5-hh3p: Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5
ghsa_unreviewed·2022-05-14
CVE-2010-4409 [MEDIUM] GHSA-hjvh-9wf5-hh3p: Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
GHSA
GHSA-h6jj-jqvx-gmqp: Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5
ghsa_unreviewed·2022-05-14·CVSS 5.0
CVE-2011-1467 [MEDIUM] GHSA-h6jj-jqvx-gmqp: Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
No detection rules found.
Bugzilla
CVE-2011-1467 php: NumberFormatter: set a symbol value crash (DoS) on bogus values
bugzilla·2011-03-25·CVSS 5.0
CVE-2011-1467 [MEDIUM] CVE-2011-1467 php: NumberFormatter: set a symbol value crash (DoS) on bogus values
CVE-2011-1467 php: NumberFormatter: set a symbol value crash (DoS) on bogus values
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1467 to
the following vulnerability:
Unspecified vulnerability in the NumberFormatter::setSymbol (aka
numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6
allows context-dependent attackers to cause a denial of service
(application crash) via an invalid argument, a related issue to
CVE-2010-4409.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1467
[2] http://bugs.php.net/bug.php?id=53512
[3] http://www.php.net/ChangeLog-5.php
Upstream patch:
[4] http://svn.php.net/viewvc/?view=revision&revision=306154
[5] http://svn.php.net/viewvc/?view=revision&revision=306157
(test case)
Discussion:
Public Po
Bugzilla
CVE-2010-4409 php: getSymbol() integer overflow vulnerability
bugzilla·2010-12-06·CVSS 5.0
CVE-2010-4409 [MEDIUM] CVE-2010-4409 php: getSymbol() integer overflow vulnerability
CVE-2010-4409 php: getSymbol() integer overflow vulnerability
It was discovered [1] that PHP failed to properly sanitize input passed to the getSymbol() function, which contains an integer overflow vulnerability, that could possibly allow a remote attacker to cause a segmentation fault in PHP, leading to a denial of service.
This flaw only affects PHP >= 5.3.0 [2] and has been fixed in upstream svn [3].
[1] http://www.kb.cert.org/vuls/id/479900
[2] http://php.net/manual/en/numberformatter.getsymbol.php
[3] http://svn.php.net/viewvc?view=revision&revision=305571
Discussion:
This was assigned CVE-2010-4409.
---
Created php tracking bugs for this issue
Affects: fedora-all [bug 660517]
---
Is this security issue? It seems quite unlikely to have getSymbol's attr argument exposed to un
Bugzilla
CVE-2010-4409 php: getSymbol() integer overflow vulnerability [fedora-all]
bugzilla·2010-12-06·CVSS 5.0
CVE-2010-4409 [MEDIUM] CVE-2010-4409 php: getSymbol() integer overflow vulnerability [fedora-all]
CVE-2010-4409 php: getSymbol() integer overflow vulnerability [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=660382
Please note: this issue affects multiple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.htmlhttp://lists.opensuse.org/opensuse-updates/2012-01/msg00035.htmlhttp://secunia.com/advisories/42812http://secunia.com/advisories/47674http://support.apple.com/kb/HT4581http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/formatter/formatter_attr.c?r1=305571&r2=305570&pathrev=305571http://svn.php.net/viewvc?view=revision&revision=305571http://www.exploit-db.com/exploits/15722http://www.kb.cert.org/vuls/id/479900http://www.mandriva.com/security/advisories?name=MDVSA-2010:254http://www.mandriva.com/security/advisories?name=MDVSA-2010:255http://www.php.net/ChangeLog-5.phphttp://www.securityfocus.com/archive/1/515142/100/0/threadedhttp://www.securityfocus.com/bid/45119http://www.ubuntu.com/usn/USN-1042-1http://www.vupen.com/english/advisories/2011/0020http://www.vupen.com/english/advisories/2011/0021http://www.vupen.com/english/advisories/2011/0077http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.htmlhttp://lists.opensuse.org/opensuse-updates/2012-01/msg00035.htmlhttp://secunia.com/advisories/42812http://secunia.com/advisories/47674http://support.apple.com/kb/HT4581http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/formatter/formatter_attr.c?r1=305571&r2=305570&pathrev=305571http://svn.php.net/viewvc?view=revision&revision=305571http://www.exploit-db.com/exploits/15722http://www.kb.cert.org/vuls/id/479900http://www.mandriva.com/security/advisories?name=MDVSA-2010:254http://www.mandriva.com/security/advisories?name=MDVSA-2010:255http://www.php.net/ChangeLog-5.phphttp://www.securityfocus.com/archive/1/515142/100/0/threadedhttp://www.securityfocus.com/bid/45119http://www.ubuntu.com/usn/USN-1042-1http://www.vupen.com/english/advisories/2011/0020http://www.vupen.com/english/advisories/2011/0021http://www.vupen.com/english/advisories/2011/0077
2010-12-06
Published