FLAT-6Y4KW – Vulnerability | Fluid Attacks Database

Database

Description

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	php53	<0:5.3.3-1.el5_7.3	0:5.3.3-1.el5_7.3
rpm rhel6	php	<0:5.3.3-3.el6_1.3	0:5.3.3-3.el6_1.3

Aliases

1. CVE-2011-14712. NVD-2011-14713. OSV-2011-1471

References

1. https://www.exploit-db.com/exploits/35485