CVE-2011-0420
Published: 2011-02-19
Priority: P4 · 28 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 14.41% (96.2th percentile)
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
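| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |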
GHSA
GHSA-78j2-xvgc-hm94: The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5
ghsa_unreviewed·2022-05-14
CVE-2011-0420 [MEDIUM] GHSA-78j2-xvgc-hm94: The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
Ubuntu
PHP Regressions
vendor_ubuntu·2011-05-05·CVSS 5.0
CVE-2010-4697 [MEDIUM] PHP Regressions
Title: PHP Regressions
Summary: USN 1126-1 introduced two regressions in PHP.
USN 1126-1 fixed several vulnerabilities in PHP. The fix for
CVE-2010-4697 introduced an incorrect reference counting regression
in the Zend engine that caused the PHP interpreter to segfault. This
regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.
The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression
in the PEAR installer that prevented it from creating its cache
directory and reporting errors correctly.
We apologize for the inconvenience.
Original advisory details:
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
PHP 5.3.5 allows local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. (CVE-2011-0441)
Raphael Geisert and Dan R
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2011-04-29·CVSS 5.0
CVE-2011-0421 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Multiple vulnerabilities in PHP.
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
PHP 5.3.5 allows local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. (CVE-2011-0441)
Raphael Geisert and Dan Rosenberg discovered that the PEAR installer
allows local users to overwrite arbitrary files via a symlink attack on
the package.xml file, related to the (1) download_dir, (2) cache_dir,
(3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,
CVE-2011-1144)
Ben Schmidt discovered that a use-after-free vulnerability in the PHP
Zend engine could allow an attacker to cause a denial of service (heap
memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)
Martin Barbella disco
Red Hat
php: missing $size checks in grapheme_extract()
vendor_redhat·2011-02-17·CVSS 5.0
CVE-2011-0420 [MEDIUM] php: missing $size checks in grapheme_extract()
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
Statement: Red Hat does not consider this flaw to be a security issue. The size argument of the grapheme_extract function is unlikely to come from an untrusted source unfiltered, therefore the value passed to the function is under the full control of the script author and no trust boundary is crossed.
Package: php (Red Hat Enterprise Linux 4) - Not affected
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
Package: php (Red Hat Enterpr
No detection rules found.
Exploit-DB
PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference
exploitdb·2011-02-17·CVSS 5.0
CVE-2011-0420 [MEDIUM] PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference
---
Source: http://securityreason.com/securityalert/8087
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ PHP 5.3.5 grapheme_extract() NULL Pointer Dereference ]
Author: Maksymilian Arciemowicz
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 09.12.2010
- - Pub.: 17.02.2011
CVE: CVE-2011-0420
CERT: VU#210829
Affected Software:
- - PHP 5.3.5
Fixed: SVN
Original URL:
http://securityreason.com/achievement_securityalert/94
- --- 0.Description ---
Internationalization extension (further is referred as Intl) is a wrapper
for ICU library, enabling PHP programmers to perform UCA-conformant
collation and date/time/number/currency formatting in their scripts.
grapheme_extract — Function to extract a sequence of default g
Exploit-DB
PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial of Service
exploitdb·2011-02-17
CVE-2011-0420 PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial of Service
---
source: https://www.securityfocus.com/bid/46429/info
PHP is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.
An attacker can exploit this issue to cause an application written in PHP to crash, denying service to legitimate users.
PHP 5.3.5 is vulnerable; other versions may also be affected.
The following proof-of-concept is available:
grapheme_extract('a',-1);
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://securityreason.com/achievement_securityalert/94
http://securityreason.com/securityalert/8087
http://support.apple.com/kb/HT5002
http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449
http://www.debian.org/security/2011/dsa-2266
http://www.exploit-db.com/exploits/16182
http://www.kb.cert.org/vuls/id/210829
http://www.securityfocus.com/archive/1/516504/100/0/threaded
http://www.securityfocus.com/archive/1/516518/100/0/threaded
http://www.securityfocus.com/bid/46429
https://exchange.xforce.ibmcloud.com/vulnerabilities/65437