PHP 'grapheme_extract()' NULL Pointer Dereference Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running PHP and is prone to NULL pointer dereference denial of service vulnerability.

Impact

Successful exploitation could allows context-dependent attackers to cause a denial of service. Impact Level: Network

Solution

Apply the patch http://svn.php.net/viewvc?view=revision&revision=306449 ***** NOTE: Ignore this warning, if above mentioned patch is already applied. *****

Insight

A flaw is caused by a NULL pointer dereference in the 'grapheme_extract()' function in the Internationalization extension (Intl) for ICU which allows context-dependent attackers to cause a denial of service via an invalid size argument.

Affected

PHP version 5.3.5

References

http://securityreason.com/achievement_securityalert/94
http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449
http://www.exploit-db.com/exploits/16182
http://xforce.iss.net/xforce/xfdb/65437

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0420

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Baidu Spark Browser Denial of Service Vulnerability -01 August14 (Windows)
ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
FreeSWITCH 'switch_regex.c' Multiple Buffer Overflow Vulnerabilities
Comodo Internet Security Denial of Service Vulnerability-03
at32 Reverse Proxy Multiple HTTP Header Fields Denial Of Service Vulnerability

Take action and discover your vulnerabilities