Description

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

Remediation

References

CVE-2011-0421

Related Vulnerabilities

WordPress Plugin WooCommerce Conversion Tracking Cross-Site Request Forgery (2.0.4)

WordPress Plugin YaMaps for WordPress Cross-Site Scripting (0.6.25)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.4.37.727)

WordPress Plugin WordPress Landing Pages Multiple Unspecified Vulnerabilities (1.7.8)

Ruby Inadequate Encryption Strength Vulnerability (CVE-2011-4121)

Severity

Medium

Classification

CVE-2011-0421

Tags

Missing Update Known Vulnerabilities