cvelistv5 - CVE-2011-3336

CVE-2011-3336 (GCVE-0-2011-3336)

Vulnerability from cvelistv5

Published

2020-02-12 19:32

Modified

2024-08-06 23:29

Severity ?

CWE

denial of service

Summary

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

References

URL

	Vendor	Product	Version
	Apple	macOS	Version: through 2011

fkie_cve-2011-3336

Vulnerability from fkie_nvd

Published

2020-02-12 20:15

Modified

2024-11-21 01:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

References

URL	Tags
cret@cert.org	http://seclists.org/fulldisclosure/2014/Mar/166	Exploit, Mailing List, Third Party Advisory
cret@cert.org	http://www.securityfocus.com/bid/50541	Exploit, Third Party Advisory, VDB Entry
cret@cert.org	https://cxsecurity.com/issue/WLB-2011110082	Exploit, Third Party Advisory
cret@cert.org	https://www.securityfocus.com/archive/1/520390	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Mar/166	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/50541	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cxsecurity.com/issue/WLB-2011110082	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.securityfocus.com/archive/1/520390	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
php	php	*
apple	mac_os_x	*
freebsd	freebsd	8.2
openbsd	openbsd	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17097D1A-0DF8-43FF-8E0D-6532245C8EBA",
              "versionEndIncluding": "5.3.10",
              "versionStartIncluding": "5.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA4DC3D-C1B9-4EDB-BEF8-04C4FFCE43C4",
              "versionEndIncluding": "10.7.2",
              "versionStartIncluding": "10.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:8.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "50414DC8-3156-4EEA-B969-472CEBCE1F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49DA681-C73B-4BBF-8BA9-08C41599AFF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion."
    },
    {
      "lang": "es",
      "value": "regcomp en la implementaci\u00f3n BSD de libc, es vulnerable a una denegaci\u00f3n de servicio debido al agotamiento de la pila."
    }
  ],
  "id": "CVE-2011-3336",
  "lastModified": "2024-11-21T01:30:17.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-12T20:15:13.353",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Mar/166"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50541"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/issue/WLB-2011110082"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/archive/1/520390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Mar/166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/issue/WLB-2011110082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/archive/1/520390"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to read and write files in unauthorized locations. This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. In such cases, 'open_basedir' restrictions are expected to isolate users from each other. PHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be affected. Successful exploits will allow attackers to make the applications that use the affected library, unresponsive, denying service to legitimate users. The libc library of the following platforms are affected: NetBSD 5.1 OpenBSD 5.0 FreeBSD 8.2 Apple Mac OSX Other versions may also be affected. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0084",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openbsd",
        "version": "5.0"
      },
      {
        "model": "php",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "5.3.0"
      },
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.7.2"
      },
      {
        "model": "freebsd",
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "openbsd",
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": "php",
        "scope": null,
        "trust": 0.8,
        "vendor": "the php group",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.3"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.10"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.1"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.6"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.8"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.5"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.7"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.2"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.9"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "php",
        "version": "5.3.4"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.11"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "php",
        "version": "5.2.12"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:freebsd:freebsd",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:openbsd:openbsd",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:php:php",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maksymilian Arciemowicz",
    "sources": [
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ],
    "trust": 1.2
  },
  "cve": "CVE-2011-3336",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-3336",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-005609",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-51281",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2011-3336",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-005609",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3336",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2011-005609",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201111-154",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51281",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. PHP is prone to an  \u0027open_basedir\u0027 restriction-bypass vulnerability because of a design error. \nSuccessful exploits could allow an attacker to read and write files in unauthorized locations. \nThis vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. In such cases, \u0027open_basedir\u0027 restrictions are expected to isolate users from each other. \nPHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be affected. \nSuccessful exploits will allow attackers to make the applications that use the affected library, unresponsive, denying service to legitimate users. \nThe libc library of the following platforms are affected:\nNetBSD 5.1\nOpenBSD 5.0\nFreeBSD 8.2\nApple Mac OSX\nOther versions may also be affected. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-51281",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3336",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "50541",
        "trust": 2.0
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2011110082",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154",
        "trust": 0.7
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2012030272",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "37032",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "36288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106589",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-51281",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "id": "VAR-202002-0084",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T13:44:25.151000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.apple.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.freebsd.org/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.openbsd.org/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.php.net/"
      },
      {
        "title": "NetBSD/OpenBSD/FreeBSD/Apple Multiple vendors libc Library Stack Lost Denial of Service Vulnerability Fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108022"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.securityfocus.com/archive/1/520390"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/50541"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2014/mar/166"
      },
      {
        "trust": 1.7,
        "url": "https://cxsecurity.com/issue/wlb-2011110082"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3336"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3336"
      },
      {
        "trust": 0.6,
        "url": "http://cxsecurity.com/issue/wlb-2012030272"
      },
      {
        "trust": 0.3,
        "url": "http://securityreason.com/achievement_securityalert/70"
      },
      {
        "trust": 0.3,
        "url": "http://securityreason.com/achievement_exploitalert/14"
      },
      {
        "trust": 0.3,
        "url": "http://www.php.net/"
      },
      {
        "trust": 0.3,
        "url": "http://securityreason.com/achievement_securityalert/102"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/520390"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "db": "BID",
        "id": "37032"
      },
      {
        "db": "BID",
        "id": "50541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "date": "2009-11-13T00:00:00",
        "db": "BID",
        "id": "37032"
      },
      {
        "date": "2011-11-04T00:00:00",
        "db": "BID",
        "id": "50541"
      },
      {
        "date": "2020-03-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      },
      {
        "date": "2020-02-12T20:15:13.353000",
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51281"
      },
      {
        "date": "2015-03-19T08:39:00",
        "db": "BID",
        "id": "37032"
      },
      {
        "date": "2014-03-17T11:35:00",
        "db": "BID",
        "id": "50541"
      },
      {
        "date": "2020-03-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      },
      {
        "date": "2021-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      },
      {
        "date": "2020-02-18T19:49:54.197000",
        "db": "NVD",
        "id": "CVE-2011-3336"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "regcomp of  BSD implementation Resource exhaustion vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-005609"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-154"
      }
    ],
    "trust": 0.6
  }
}

ghsa-g49p-q335-6257

Vulnerability from github

Published

2022-04-22 00:24

Modified

2022-04-22 00:24

Details

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3336"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-12T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.",
  "id": "GHSA-g49p-q335-6257",
  "modified": "2022-04-22T00:24:26Z",
  "published": "2022-04-22T00:24:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3336"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2011110082"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/archive/1/520390"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Mar/166"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/50541"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2011-3336

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.

Aliases

CVE-2011-3336

Aliases

CVE-2011-3336

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3336",
    "description": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.",
    "id": "GSD-2011-3336",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2011-3336"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3336"
      ],
      "details": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.",
      "id": "GSD-2011-3336",
      "modified": "2023-12-13T01:19:09.523230Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2011-3336",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "through 2011"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "denial of service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20140314 MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/Mar/166"
          },
          {
            "name": "50541",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/50541"
          },
          {
            "name": "20111104 Multiple BSD libc/regcomp(3) Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "https://www.securityfocus.com/archive/1/520390"
          },
          {
            "name": "https://cxsecurity.com/issue/WLB-2011110082",
            "refsource": "MISC",
            "url": "https://cxsecurity.com/issue/WLB-2011110082"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.10",
                "versionStartIncluding": "5.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.7.2",
                "versionStartIncluding": "10.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:8.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:openbsd:openbsd:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2011-3336"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50541",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/50541"
            },
            {
              "name": "https://cxsecurity.com/issue/WLB-2011110082",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2011110082"
            },
            {
              "name": "20111104 Multiple BSD libc/regcomp(3) Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.securityfocus.com/archive/1/520390"
            },
            {
              "name": "20140314 MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Mar/166"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-02-18T19:49Z",
      "publishedDate": "2020-02-12T20:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-3336 (GCVE-0-2011-3336)

Vulnerability from cvelistv5

fkie_cve-2011-3336

Vulnerability from fkie_nvd

var-202002-0084

Vulnerability from variot

ghsa-g49p-q335-6257

Vulnerability from github

gsd-2011-3336

Vulnerability from gsd

Tags

Sightings

Nomenclature