Описание
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
Ссылки
- ExploitVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Broken Link
- Vendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Permissions Required
- ExploitVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Broken Link
- Vendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
Integer signedness error in zip_stream.c in the Zip extension in PHP b ...
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
ELSA-2011-1423: php53 and php security update (MODERATE)
EPSS
4.3 Medium
CVSS2