Description

The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.

Remediation

References

CVE-2009-1272

Related Vulnerabilities

WordPress Plugin Autoptimize Multiple Vulnerabilities (2.7.6)

Apache HTTP Server Cryptographic Issues Vulnerability (CVE-2016-0736)

Envoy mishandles dropped and truncated datagrams Issue (CVE-2020-35471)

Liferay Portal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-42132)

WordPress Plugin AMP for WP-Accelerated Mobile Pages Security Bypass (0.9.97.19)

Severity

Medium

Classification

CVE-2009-1272 CWE-20

Tags

Missing Update Known Vulnerabilities