CVE-2011-4153

Table of Contents

Impact:
Low
Public Date:
2012-01-10
CWE:
CWE-476
Bugzilla:
782943: CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS

The MITRE CVE dictionary describes this issue as:

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

Find out more about CVE-2011-4153 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (php) RHSA-2012:1045 2012-06-27
Red Hat Enterprise Linux 5 (php53) RHSA-2012:1047 2012-06-27
Red Hat Enterprise Linux 6 (php) RHSA-2012:1046 2012-06-27
Last Modified

CVE description copyright © 2017, The MITRE Corporation