CVE-2011-3182
published 2011-08-25CVE-2011-3182: PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to…
PriorityP337medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
19.14%
97.0th percentile
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
Affected
94 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.3.6 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_ubuntu7.5HIGH
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
PHP Vulnerabilities
vendor_ubuntu·2011-10-18·CVSS 7.5
CVE-2010-1914 [HIGH] PHP Vulnerabilities
Title: PHP Vulnerabilities
Summary: Several security issues were fixed in PHP.
Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a
stack-based buffer overflow existed in the socket_connect function's
handling of long pathnames for AF_UNIX sockets. A remote attacker
might be able to exploit this to execute arbitrary code; however,
the default compiler options for affected releases should reduce
the vulnerability to a denial of service. This issue affected Ubuntu
10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)
Krzysztof Kotowicz discovered that the PHP post handler function
does not properly restrict filenames in multipart/form-data POST
requests. This may allow remote attackers to conduct absolute
path traversal attacks and possibly create or overwrite arbitrar
Red Hat
php: multiple NULL pointer dereferences
vendor_redhat·2011-08-19·CVSS 5.0
CVE-2011-3182 [MEDIUM] CWE-476 php: multiple NULL pointer dereferences
php: multiple NULL pointer dereferences
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
Statement: Red Hat does not consider this flaw to be a security issue
GHSA
GHSA-778p-3h84-7r8x: PHP before 5
ghsa_unreviewed·2022-05-17
CVE-2011-3182 [MEDIUM] GHSA-778p-3h84-7r8x: PHP before 5
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
No detection rules found.
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlhttp://marc.info/?l=full-disclosure&m=131373057621672&w=2http://securityreason.com/achievement_securityalert/101http://support.apple.com/kb/HT5130http://www.mandriva.com/security/advisories?name=MDVSA-2011:165http://www.openwall.com/lists/oss-security/2011/08/22/9http://www.securityfocus.com/bid/49249https://exchange.xforce.ibmcloud.com/vulnerabilities/69430http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlhttp://marc.info/?l=full-disclosure&m=131373057621672&w=2http://securityreason.com/achievement_securityalert/101http://support.apple.com/kb/HT5130http://www.mandriva.com/security/advisories?name=MDVSA-2011:165http://www.openwall.com/lists/oss-security/2011/08/22/9http://www.securityfocus.com/bid/49249https://exchange.xforce.ibmcloud.com/vulnerabilities/69430
2011-08-25
Published