ID CVE-2011-0420
Summary The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2018 - 20:09)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
apple APPLE-SA-2011-10-12-3
bid 46429
bugtraq
  • 20110216 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
  • 20110217 Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
cert-vn VU#210829
confirm http://support.apple.com/kb/HT5002
debian DSA-2266
exploit-db 16182
misc http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449
sreason 8087
sreasonres 20110217 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
xf php-graphemeextract-dos(65437)
Last major update 10-10-2018 - 20:09
Published 19-02-2011 - 01:00
Last modified 10-10-2018 - 20:09