// For flags

CVE-2011-1938

PHP 5.3.5 - 'socket_connect()' Local Buffer Overflow

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

Desbordamiento de búfer basado en pila en la función socket_connect en ext/sockets/sockets.c en PHP v5.3.3 a v5.3.6 podría permitir a atacantes dependientes de contexto ejecutar código de su elección a través de una ruta larga para un socket UNIX.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-05-09 CVE Reserved
  • 2011-05-25 CVE Published
  • 2011-05-25 First Exploit
  • 2023-06-19 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-121: Stack-based Buffer Overflow
CAPEC
References (22)
URL Tag Source
http://osvdb.org/72644 Vdb Entry
http://securityreason.com/securityalert/8262 Third Party Advisory
http://securityreason.com/securityalert/8294 Third Party Advisory
http://support.apple.com/kb/HT5130 X_refsource_confirm
http://www.php.net/ChangeLog-5.php#5.3.7 X_refsource_confirm
http://www.php.net/archive/2011.php#id2011-08-18-1 X_refsource_confirm
http://www.securityfocus.com/bid/49241 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/67606 Vdb Entry
URL Date SRC
https://www.exploit-db.com/exploits/17318 2011-05-25
https://www.exploit-db.com/exploits/17486 2011-07-04
http://www.exploit-db.com/exploits/17318 2024-08-06
URL Date SRC
http://openwall.com/lists/oss-security/2011/05/24/1 2017-08-17
http://openwall.com/lists/oss-security/2011/05/24/9 2017-08-17
http://svn.php.net/viewvc/php/php-src/trunk/ext/sockets/sockets.c?r1=311369&r2=311368&pathrev=311369 2017-08-17
http://svn.php.net/viewvc?view=revision&revision=311369 2017-08-17
URL Date SRC
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html 2017-08-17
http://marc.info/?l=bugtraq&m=133469208622507&w=2 2017-08-17
http://www.debian.org/security/2012/dsa-2399 2017-08-17
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 2017-08-17
http://www.redhat.com/support/errata/RHSA-2011-1423.html 2017-08-17
https://access.redhat.com/security/cve/CVE-2011-1938 2011-11-02
https://bugzilla.redhat.com/show_bug.cgi?id=709067 2011-11-02
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.3
Search vendor "Php" for product "Php" and version "5.3.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.4
Search vendor "Php" for product "Php" and version "5.3.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.5
Search vendor "Php" for product "Php" and version "5.3.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.6
Search vendor "Php" for product "Php" and version "5.3.6"
-
Affected