CVE-2011-0420
PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
6Exploited in Wild
-Decision
Descriptions
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
La función grapheme_extract en la extensión de Internacionalización (Intl) para ICU para PHP v5.3.5 permite provocar una denegación de servicio (con caída de la aplicación) a atacantes dependientes del contexto a través de un argumento de tamaño no válido, lo que provoca una desreferencia de puntero NULL.
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file. Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. Various other issues with PHP 5 were also identified and resolved.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-01-11 CVE Reserved
- 2011-02-16 CVE Published
- 2011-02-16 First Exploit
- 2024-08-06 CVE Updated
- 2025-05-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (15)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/8087 | Third Party Advisory | |
http://support.apple.com/kb/HT5002 | X_refsource_confirm |
|
http://www.kb.cert.org/vuls/id/210829 | Third Party Advisory |
|
http://www.securityfocus.com/archive/1/516504/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/516518/100/0/threaded | Mailing List | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/65437 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/98543 | 2011-02-16 | |
https://www.exploit-db.com/exploits/16182 | 2011-02-17 | |
https://www.exploit-db.com/exploits/35354 | 2011-02-17 | |
http://securityreason.com/achievement_securityalert/94 | 2024-08-06 | |
http://www.exploit-db.com/exploits/16182 | 2024-08-06 | |
http://www.securityfocus.com/bid/46429 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449 | 2018-10-10 |
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | 2018-10-10 | |
http://www.debian.org/security/2011/dsa-2266 | 2018-10-10 |