CVE-2011-0421

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
phpphp
𝑥
≤ 5.3.5
phpphp
1.0
phpphp
2.0
phpphp
2.0b10
phpphp
3.0
phpphp
3.0.1
phpphp
3.0.2
phpphp
3.0.3
phpphp
3.0.4
phpphp
3.0.5
phpphp
3.0.6
phpphp
3.0.7
phpphp
3.0.8
phpphp
3.0.9
phpphp
3.0.10
phpphp
3.0.11
phpphp
3.0.12
phpphp
3.0.13
phpphp
3.0.14
phpphp
3.0.15
phpphp
3.0.16
phpphp
3.0.17
phpphp
3.0.18
phpphp
4.0
phpphp
4.0
phpphp
4.0
phpphp
4.0
phpphp
4.0
phpphp
4.0
phpphp
4.0.0
phpphp
4.0.1
phpphp
4.0.2
phpphp
4.0.3
phpphp
4.0.4
phpphp
4.0.5
phpphp
4.0.6
phpphp
4.0.7
phpphp
4.1.0
phpphp
4.1.1
phpphp
4.1.2
phpphp
4.2.0
phpphp
4.2.1
phpphp
4.2.2
phpphp
4.2.3
phpphp
4.3.0
phpphp
4.3.1
phpphp
4.3.2
phpphp
4.3.3
phpphp
4.3.4
phpphp
4.3.5
phpphp
4.3.6
phpphp
4.3.7
phpphp
4.3.8
phpphp
4.3.9
phpphp
4.3.10
phpphp
4.3.11
phpphp
4.4.0
phpphp
4.4.1
phpphp
4.4.2
phpphp
4.4.3
phpphp
4.4.4
phpphp
4.4.5
phpphp
4.4.6
phpphp
4.4.7
phpphp
4.4.8
phpphp
4.4.9
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.0
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
phpphp
5.2.14
phpphp
5.2.15
phpphp
5.2.16
phpphp
5.2.17
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
phpphp
5.3.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libzip
bookworm
1.7.3-1
fixed
bullseye
1.7.3-1
fixed
squeeze
no-dsa
trixie
1.11.1-1
fixed
sid
1.11.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libzip
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
karmic
ignored
hardy
ignored
dapper
dne
php5
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
Fixed 5.3.5-1ubuntu7.1
released
maverick
Fixed 5.3.3-1ubuntu9.4
released
lucid
Fixed 5.3.2-1ubuntu4.8
released
karmic
Fixed 5.2.10.dfsg.1-2ubuntu6.9
released
hardy
Fixed 5.2.4-2ubuntu5.15
released
dapper
not-affected
References
http://bugs.php.net/bug.php?id=53885
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://secunia.com/advisories/43621
http://securityreason.com/achievement_securityalert/96
http://securityreason.com/securityalert/8146
http://support.apple.com/kb/HT5002
http://svn.php.net/viewvc/?view=revision&revision=307867
http://www.debian.org/security/2011/dsa-2266
http://www.exploit-db.com/exploits/17004
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.mandriva.com/security/advisories?name=MDVSA-2011:099
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2011.php
http://www.php.net/releases/5_3_6.php
http://www.securityfocus.com/archive/1/517065/100/0/threaded
http://www.securityfocus.com/bid/46354
http://www.vupen.com/english/advisories/2011/0744
http://www.vupen.com/english/advisories/2011/0764
http://www.vupen.com/english/advisories/2011/0890
https://bugzilla.redhat.com/show_bug.cgi?id=688735
https://exchange.xforce.ibmcloud.com/vulnerabilities/66173
http://bugs.php.net/bug.php?id=53885
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://secunia.com/advisories/43621
http://securityreason.com/achievement_securityalert/96
http://securityreason.com/securityalert/8146
http://support.apple.com/kb/HT5002
http://svn.php.net/viewvc/?view=revision&revision=307867
http://www.debian.org/security/2011/dsa-2266
http://www.exploit-db.com/exploits/17004
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.mandriva.com/security/advisories?name=MDVSA-2011:099
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2011.php
http://www.php.net/releases/5_3_6.php
http://www.securityfocus.com/archive/1/517065/100/0/threaded
http://www.securityfocus.com/bid/46354
http://www.vupen.com/english/advisories/2011/0744
http://www.vupen.com/english/advisories/2011/0764
http://www.vupen.com/english/advisories/2011/0890
https://bugzilla.redhat.com/show_bug.cgi?id=688735
https://exchange.xforce.ibmcloud.com/vulnerabilities/66173