CVE-2011-1467
- Public Date:
- 2010-12-07
- Bugzilla:
- 690894: CVE-2011-1467 php: NumberFormatter: set a symbol value crash (DoS) on bogus values
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2011-1467 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4 and 5. The getSymbol() and setSymbol() functions are unlikely to ever receive untrusted input as an $attr argument, and it is even less likely that they would receive such input when only a small set of pre-defined constants is expected. As a result, this flaw can only be triggered by the script author and cannot be used to cross trust boundaries. The Red Hat Security Response Team does not consider it to be security-relevant.
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | php | Affected |
| Red Hat Enterprise Linux 5 | php | Not affected |
| Red Hat Enterprise Linux 5 | php53 | Affected |
| Red Hat Enterprise Linux 4 | php | Not affected |
CVE description copyright © 2017, The MITRE Corporation
