CVE-2011-4153
Published 2012-01-18
Priority P4 | 28 | medium | 5 | CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 12.20% (95.7th percentile)
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
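| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |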
GHSA
GHSA-rh93-rrxr-rjg3: PHP 5
ghsa_unreviewed·2022-05-14
CVE-2011-4153 [MEDIUM] CWE-20 GHSA-rh93-rrxr-rjg3: PHP 5
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
GHSA
GHSA-929c-4vcv-4rrx: The tidy_diagnose function in PHP 5
ghsa_unreviewed·2022-05-14·CVSS 5.0
CVE-2012-0781 [MEDIUM] GHSA-929c-4vcv-4rrx: The tidy_diagnose function in PHP 5
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
Ubuntu
PHP regression
vendor_ubuntu·2012-02-13·CVSS 5.0
CVE-2012-0831 [MEDIUM] PHP regression
Title: PHP regression
Summary: USN 1358-1 introduced a regression in PHP.
USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for
CVE-2012-0831 introduced a regression where the state of the
magic_quotes_gpc setting was not correctly reflected when calling
the ini_get() function.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
This could allow a remote attacker to cause a denial of service by
sending many crafted parameters. (CVE-2011-4885)
ATTENTION: this update changes previous PHP behavior by
limiting the number of external input variables to 1000.
This may be increased by adding a "max_input_vars"
directive to the php.ini
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2012-02-10·CVSS 5.0
CVE-2012-0831 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Multiple vulnerabilities in PHP.
It was discovered that PHP computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
This could allow a remote attacker to cause a denial of service by
sending many crafted parameters. (CVE-2011-4885)
ATTENTION: this update changes previous PHP behavior by
limiting the number of external input variables to 1000.
This may be increased by adding a "max_input_vars"
directive to the php.ini configuration file. See
http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars
for more information.
Stefan Esser discovered that the fix to address the predictable hash
collision issue, CVE-2011-4885, did not properly handle the situation
where the limit was reache
Red Hat
php: tidy_diagnose() NULL pointer dereference may cause DoS
vendor_redhat·2012-01-10·CVSS 5.0
CVE-2012-0781 [MEDIUM] CWE-476 php: tidy_diagnose() NULL pointer dereference may cause DoS
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
Package: php (Red Hat Enterprise Linux 4) - Not affected
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
Red Hat
php: zend_strndup() NULL pointer dereference may cause DoS
vendor_redhat·2012-01-10·CVSS 5.0
CVE-2011-4153 [MEDIUM] CWE-476 php: zend_strndup() NULL pointer dereference may cause DoS
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
No detection rules found.
Bugzilla
CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
bugzilla·2012-01-18·CVSS 5.0
CVE-2012-0781 [MEDIUM] CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0781 to
the following vulnerability:
Name: CVE-2012-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0781
Assigned: 20120118
Reference: http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
Reference: http://www.exploit-db.com/exploits/18370/
Reference: http://cxsecurity.com/research/103
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers
to cause a denial of service (NULL pointer dereference and application
crash) via crafted input to an application that attempts to perform
Tidy::diagnose operations on invalid objects, a different
vulnerability than CVE-2011-4153.
Discussion:
This should be corrected
Bugzilla
CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS
bugzilla·2012-01-18·CVSS 5.0
CVE-2011-4153 [MEDIUM] CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4153 to
the following vulnerability:
Name: CVE-2011-4153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153
Assigned: 20111021
Reference: http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
Reference: http://www.exploit-db.com/exploits/18370/
Reference: http://cxsecurity.com/research/103
PHP 5.3.8 does not always check the return value of the zend_strndup
function, which might allow remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via crafted
input to an application that performs strndup operations on untrusted
string data, as demonstrated by the define function in
zend_built
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
http://cxsecurity.com/research/103
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
http://marc.info/?l=bugtraq&m=134012830914727&w=2
http://secunia.com/advisories/48668
http://www.exploit-db.com/exploits/18370/