CVE Vulnerabilities

CVE-2011-1471

Published: Mar 20, 2011 | Modified: Jan 19, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

Affected Software

Name Vendor Start Version End Version
Php Php * 5.2.11 (excluding)
Php Php 5.3.0 (including) 5.3.6 (excluding)
Php5 Ubuntu dapper *
Php5 Ubuntu hardy *
Php5 Ubuntu karmic *
Php5 Ubuntu lucid *
Php5 Ubuntu maverick *
Php5 Ubuntu natty *
Php5 Ubuntu upstream *
Red Hat Enterprise Linux 5 RedHat php53-0:5.3.3-1.el5_7.3 *
Red Hat Enterprise Linux 6 RedHat php-0:5.3.3-3.el6_1.3 *

References