CVE-2011-1148

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	*	5.3.6 (including)
Php	Php	1.0 (including)	1.0 (including)
Php	Php	2.0 (including)	2.0 (including)
Php	Php	2.0b10 (including)	2.0b10 (including)
Php	Php	3.0 (including)	3.0 (including)
Php	Php	3.0.1 (including)	3.0.1 (including)
Php	Php	3.0.2 (including)	3.0.2 (including)
Php	Php	3.0.3 (including)	3.0.3 (including)
Php	Php	3.0.4 (including)	3.0.4 (including)
Php	Php	3.0.5 (including)	3.0.5 (including)
Php	Php	3.0.6 (including)	3.0.6 (including)
Php	Php	3.0.7 (including)	3.0.7 (including)
Php	Php	3.0.8 (including)	3.0.8 (including)
Php	Php	3.0.9 (including)	3.0.9 (including)
Php	Php	3.0.10 (including)	3.0.10 (including)
Php	Php	3.0.11 (including)	3.0.11 (including)
Php	Php	3.0.12 (including)	3.0.12 (including)
Php	Php	3.0.13 (including)	3.0.13 (including)
Php	Php	3.0.14 (including)	3.0.14 (including)
Php	Php	3.0.15 (including)	3.0.15 (including)
Php	Php	3.0.16 (including)	3.0.16 (including)
Php	Php	3.0.17 (including)	3.0.17 (including)
Php	Php	3.0.18 (including)	3.0.18 (including)
Php	Php	4.0 (including)	4.0 (including)
Php	Php	4.0-beta_4_patch1 (including)	4.0-beta_4_patch1 (including)
Php	Php	4.0-beta1 (including)	4.0-beta1 (including)
Php	Php	4.0-beta2 (including)	4.0-beta2 (including)
Php	Php	4.0-beta3 (including)	4.0-beta3 (including)
Php	Php	4.0-beta4 (including)	4.0-beta4 (including)
Php	Php	4.0.0 (including)	4.0.0 (including)
Php	Php	4.0.1 (including)	4.0.1 (including)
Php	Php	4.0.2 (including)	4.0.2 (including)
Php	Php	4.0.3 (including)	4.0.3 (including)
Php	Php	4.0.4 (including)	4.0.4 (including)
Php	Php	4.0.5 (including)	4.0.5 (including)
Php	Php	4.0.6 (including)	4.0.6 (including)
Php	Php	4.0.7 (including)	4.0.7 (including)
Php	Php	4.1.0 (including)	4.1.0 (including)
Php	Php	4.1.1 (including)	4.1.1 (including)
Php	Php	4.1.2 (including)	4.1.2 (including)
Php	Php	4.2.0 (including)	4.2.0 (including)
Php	Php	4.2.1 (including)	4.2.1 (including)
Php	Php	4.2.2 (including)	4.2.2 (including)
Php	Php	4.2.3 (including)	4.2.3 (including)
Php	Php	4.3.0 (including)	4.3.0 (including)
Php	Php	4.3.1 (including)	4.3.1 (including)
Php	Php	4.3.2 (including)	4.3.2 (including)
Php	Php	4.3.3 (including)	4.3.3 (including)
Php	Php	4.3.4 (including)	4.3.4 (including)
Php	Php	4.3.5 (including)	4.3.5 (including)
Php	Php	4.3.6 (including)	4.3.6 (including)
Php	Php	4.3.7 (including)	4.3.7 (including)
Php	Php	4.3.8 (including)	4.3.8 (including)
Php	Php	4.3.9 (including)	4.3.9 (including)
Php	Php	4.3.10 (including)	4.3.10 (including)
Php	Php	4.3.11 (including)	4.3.11 (including)
Php	Php	4.4.0 (including)	4.4.0 (including)
Php	Php	4.4.1 (including)	4.4.1 (including)
Php	Php	4.4.2 (including)	4.4.2 (including)
Php	Php	4.4.3 (including)	4.4.3 (including)
Php	Php	4.4.4 (including)	4.4.4 (including)
Php	Php	4.4.5 (including)	4.4.5 (including)
Php	Php	4.4.6 (including)	4.4.6 (including)
Php	Php	4.4.7 (including)	4.4.7 (including)
Php	Php	4.4.8 (including)	4.4.8 (including)
Php	Php	4.4.9 (including)	4.4.9 (including)
Php	Php	5.3.0 (including)	5.3.0 (including)
Php	Php	5.3.1 (including)	5.3.1 (including)
Php	Php	5.3.2 (including)	5.3.2 (including)
Php	Php	5.3.3 (including)	5.3.3 (including)
Php	Php	5.3.4 (including)	5.3.4 (including)
Php	Php	5.3.5 (including)	5.3.5 (including)
Red Hat Enterprise Linux 5	RedHat	php53-0:5.3.3-1.el5_7.3	*
Red Hat Enterprise Linux 5	RedHat	php-0:5.1.6-27.el5_7.4	*
Red Hat Enterprise Linux 6	RedHat	php-0:5.3.3-3.el6_1.3	*
Php5	Ubuntu	dapper	*
Php5	Ubuntu	hardy	*
Php5	Ubuntu	karmic	*
Php5	Ubuntu	lucid	*
Php5	Ubuntu	maverick	*
Php5	Ubuntu	natty	*
Php5	Ubuntu	oneiric	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1148
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References