CVE-2011-4153 Information

Share on:

Feb 14, 2021 cve

Description

PHP 5.3.8 does not always check the return value of the zend_strndup function which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data as demonstrated by the define function in zend_builtin_functions.c and unspecified functions in ext/soap/php_sdl.c ext/standard/syslog.c ext/standard/browscap.c ext/oci8/oci8.c ext/com_dotnet/com_typeinfo.c and main/php_open_temporary_file.c.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://cxsecurity.com/research/103 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html http://marc.info/?l=bugtraq&m=134012830914727&w=2 http://secunia.com/advisories/48668 http://www.exploit-db.com/exploits/18370/