Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0421: Libzip vulnerability

22 documents, 8 sources

Severity: 4.3 MEDIUM (NVD)
EPSS: 8.2% (top 7.77%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Mar 20
Latest update: May 14

Description

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

- Debian (debian/libzip): < libzip 0.10-1 (bookworm)
- Debian (libzip/libzip): < 0.10-1+3
- NVD (php/php): 5.3.5+96

Patches

Vulnerability Details (2)

- GHSA: GHSA-h3v6-hj58-cx74: The _zip_name_locate function in zip_name_locate (2022-05-14)
- OSV: CVE-2011-0421: The _zip_name_locate function in zip_name_locate (2011-03-20)

Exploits & PoCs (1)

- Exploit-DB: PHP 5.3.5 libzip 0.9.3 - _zip_name_locate Null Pointer Dereference (2011-03-18)

Vendor Advisories (7)

- Red Hat: libpng: regression of CVE-2004-0421 in 1.2.23+ (2011-06-07)
- Ubuntu: PHP Regressions (2011-05-05)
- Ubuntu: PHP vulnerabilities (2011-04-29)
- Red Hat: kernel: gro: reset dev and skb_iff on skb reuse (2011-02-02)
- Red Hat: php/libzip: segfault with FL_UNCHANGED on empty archive in zip_name_locate() (2011-01-30)

Community (10)

- Bugzilla: CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-6] (2011-06-29)
- Bugzilla: CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all] (2011-06-29)
- Bugzilla: CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-5] (2011-06-29)
- Bugzilla: CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [fedora-all] (2011-06-29)
- Bugzilla: CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ (2011-06-27)
CVE-2011-0421 — Debian Libzip vulnerability | cvebase