CVE-2011-1467

EUVD-2011-1472
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.3.5
phpphp
1.0
phpphp
2.0
phpphp
2.0b10:b10
phpphp
3.0
phpphp
3.0.1
phpphp
3.0.2
phpphp
3.0.3
phpphp
3.0.4
phpphp
3.0.5
phpphp
3.0.6
phpphp
3.0.7
phpphp
3.0.8
phpphp
3.0.9
phpphp
3.0.10
phpphp
3.0.11
phpphp
3.0.12
phpphp
3.0.13
phpphp
3.0.14
phpphp
3.0.15
phpphp
3.0.16
phpphp
3.0.17
phpphp
3.0.18
phpphp
4.0
phpphp
4.0:beta_4_patch1
phpphp
4.0:beta1
phpphp
4.0:beta2
phpphp
4.0:beta3
phpphp
4.0:beta4
phpphp
4.0.0
phpphp
4.0.1
phpphp
4.0.2
phpphp
4.0.3
phpphp
4.0.4
phpphp
4.0.5
phpphp
4.0.6
phpphp
4.0.7
phpphp
4.1.0
phpphp
4.1.1
phpphp
4.1.2
phpphp
4.2.0
phpphp
4.2.1
phpphp
4.2.2
phpphp
4.2.3
phpphp
4.3.0
phpphp
4.3.1
phpphp
4.3.2
phpphp
4.3.3
phpphp
4.3.4
phpphp
4.3.5
phpphp
4.3.6
phpphp
4.3.7
phpphp
4.3.8
phpphp
4.3.9
phpphp
4.3.10
phpphp
4.3.11
phpphp
4.4.0
phpphp
4.4.1
phpphp
4.4.2
phpphp
4.4.3
phpphp
4.4.4
phpphp
4.4.5
phpphp
4.4.6
phpphp
4.4.7
phpphp
4.4.8
phpphp
4.4.9
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
phpphp
5.2.14
phpphp
5.2.15
phpphp
5.2.16
phpphp
5.2.17
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
phpphp
5.3.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
dapper
not-affected
hardy
not-affected
karmic
not-affected
lucid
Fixed 5.3.2-1ubuntu4.8
released
maverick
Fixed 5.3.3-1ubuntu9.4
released
natty
Fixed 5.3.5-1ubuntu7.1
released
References
http://bugs.php.net/bug.php?id=53512
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://support.apple.com/kb/HT5002
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/46968
http://www.vupen.com/english/advisories/2011/0744
http://bugs.php.net/bug.php?id=53512
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://support.apple.com/kb/HT5002
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/46968
http://www.vupen.com/english/advisories/2011/0744