CVE-2011-1467

Опубликовано: 07 дек. 2010

Источник: redhat

EPSS Низкий

Описание

Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.

Отчет

This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4 and 5. The getSymbol() and setSymbol() functions are unlikely to ever receive untrusted input as an $attr argument, and it is even less likely that they would receive such input when only a small set of pre-defined constants is expected. As a result, this flaw can only be triggered by the script author and cannot be used to cross trust boundaries. The Red Hat Security Response Team does not consider it to be security-relevant.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 4	php	Not affected
Red Hat Enterprise Linux 5	php	Not affected
Red Hat Enterprise Linux 5	php53	Affected
Red Hat Enterprise Linux 6	php	Affected

Показывать по

Ссылки на источники

Дополнительная информация

https://bugzilla.redhat.com/show_bug.cgi?id=690894php: NumberFormatter: set a symbol value crash (DoS) on bogus values

EPSS

Процентиль: 91%

0.06881

Низкий

Связанные уязвимости

CVE-2011-1467

ubuntu

больше 14 лет назад

CVE-2011-1467

nvd

больше 14 лет назад

CVE-2011-1467

debian

больше 14 лет назад

Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfm ...

GHSA-h6jj-jqvx-gmqp

github

около 3 лет назад

BDU:2022-02616

CVSS3: 5.3

fstec

больше 14 лет назад

Уязвимость функции NumberFormatter::setSymbol интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 91%

0.06881

Низкий