ID CVE-2011-1657
Summary The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-10-2018 - 19:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
apple APPLE-SA-2012-02-01-1
bid 49252
bugtraq 20110819 PHP 5.3.6 ZipArchive invalid use glob(3)
confirm
mandriva MDVSA-2011:165
mlist
  • [oss-security] 20110701 Re: Re: php ZipArchive::addGlob() crashes on invalid flags
  • [oss-security] 20110701 Re: php ZipArchive::addGlob() crashes on invalid flags
  • [oss-security] 20110701 php ZipArchive::addGlob() crashes on invalid flags
sreason 8342
sreasonres 20110819 PHP 5.3.6 ZipArchive invalid use glob(3)
xf php-ziparchiveaddglob-dos(69320)
Last major update 09-10-2018 - 19:31
Published 25-08-2011 - 14:22
Last modified 09-10-2018 - 19:31