#VU45192 Input validation error in PHP - CVE-2011-0421

Cybersecurity Help s.r.o.

Published: 2011-03-20 | Updated: 2020-08-11

Vulnerability identifier: #VU45192

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2011-0421

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

PHP: 1.0, 2.0b10, 2.0, 3.0 - 3.0.18, 4.0 - 4.0.7, 4.1.0 - 4.1.2, 4.2.0 - 4.2.3, 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.4

External links
https://bugs.php.net/bug.php?id=53885
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html
https://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
https://marc.info/?l=bugtraq&m=133469208622507&w=2
https://secunia.com/advisories/43621
https://securityreason.com/achievement_securityalert/96
https://securityreason.com/securityalert/8146
https://support.apple.com/kb/HT5002
https://svn.php.net/viewvc/?view=revision&revision=307867
https://www.debian.org/security/2011/dsa-2266
https://www.exploit-db.com/exploits/17004
https://www.mandriva.com/security/advisories?name=MDVSA-2011:052
https://www.mandriva.com/security/advisories?name=MDVSA-2011:053
https://www.mandriva.com/security/advisories?name=MDVSA-2011:099
https://www.php.net/archive/2011.php
https://www.php.net/ChangeLog-5.php
https://www.php.net/releases/5_3_6.php
https://www.securityfocus.com/archive/1/517065/100/0/threaded
https://www.securityfocus.com/bid/46354
https://www.vupen.com/english/advisories/2011/0744
https://www.vupen.com/english/advisories/2011/0764
https://www.vupen.com/english/advisories/2011/0890
https://bugzilla.redhat.com/show_bug.cgi?id=688735
https://exchange.xforce.ibmcloud.com/vulnerabilities/66173

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in PHP