Public Date:
678885: CVE-2011-0420 php: missing $size checks in grapheme_extract()

The MITRE CVE dictionary describes this issue as:

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

Find out more about CVE-2011-0420 from the MITRE CVE dictionary dictionary and NIST NVD.


Red Hat does not consider this flaw to be a security issue. The size argument of the grapheme_extract function is unlikely to from an untrusted source unfiltered, therefore the value passed to the function is under the the full control of the script author and no trust boundary is crossed.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 2.6
Base Metrics AV:N/AC:H/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 php Affected
Red Hat Enterprise Linux 5 php Not affected
Red Hat Enterprise Linux 5 php53 Affected
Red Hat Enterprise Linux 4 php Not affected
Red Hat Enterprise Linux 3 php Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation


Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.