PHP 'grapheme_extract()' NULL Pointer Dereference Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running PHP and is prone to NULL pointer dereference denial of service vulnerability.

Impact

Successful exploitation could allows context-dependent attackers to cause a denial of service. Impact Level: Network

Solution

Apply the patch http://svn.php.net/viewvc?view=revision&revision=306449 ***** NOTE: Ignore this warning, if above mentioned patch is already applied. *****

Insight

A flaw is caused by a NULL pointer dereference in the 'grapheme_extract()' function in the Internationalization extension (Intl) for ICU which allows context-dependent attackers to cause a denial of service via an invalid size argument.

Affected

PHP version 5.3.5

References

http://securityreason.com/achievement_securityalert/94
http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449
http://www.exploit-db.com/exploits/16182
http://xforce.iss.net/xforce/xfdb/65437

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0420
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Subversion 'mod_dav_svn' Module Multiple DoS Vulnerabilities
Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability
BadBlue invalid GET DoS
freeSSHd Pre-Authentication Error Remote DoS Vulnerability
Denial Of Service Vulnerability in PHP April-09

Take action and discover your vulnerabilities