{
  "public_date" : "2011-02-17T00:00:00Z",
  "bugzilla" : {
    "description" : "php: missing $size checks in grapheme_extract()",
    "id" : "678885",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678885"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
    "status" : "draft"
  },
  "details" : [ "The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference." ],
  "statement" : "Red Hat does not consider this flaw to be a security issue. The size argument of the grapheme_extract function is unlikely to from an untrusted source unfiltered, therefore the value passed to the function is under the the full control of the script author and no trust boundary is crossed.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "php53",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-0420\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0420" ],
  "name" : "CVE-2011-0420",
  "csaw" : false
}