CVE-2011-0421
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference · www.exploit-db.com/exploits/17004 · unverified
exploitdb · www.exploit-db.com/exploits/17004 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://bugs.php.net/bug.php?id=53885
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=688735
http://secunia.com/advisories/43621
http://securityreason.com/achievement_securityalert/96
http://securityreason.com/securityalert/8146
https://exchange.xforce.ibmcloud.com/vulnerabilities/66173