CVE 2011-0421
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE:
See the 
CVE page on Mitre.org
for more details.
Launchpad.net
References
- CONFIRM: http://bugs.php.net/bu...
- CONFIRM: http://www.php.net/Cha...
- CONFIRM: http://www.php.net/arc...
- CONFIRM: http://www.php.net/rel...
- CONFIRM: https://bugzilla.redha...
- SREASONRES: 20110318 libzip 0.9.3 ...
- EXPLOIT-DB: 17004
- FEDORA: FEDORA-2011-3614
- MANDRIVA: MDVSA-2011:052
- MANDRIVA: MDVSA-2011:053
- BID: 46354
- SECUNIA: 43621
- VUPEN: ADV-2011-0744
- VUPEN: ADV-2011-0764
- FEDORA: FEDORA-2011-3636
- FEDORA: FEDORA-2011-3666
- VUPEN: ADV-2011-0890
- MANDRIVA: MDVSA-2011:099
- DEBIAN: DSA-2266
- SREASON: 8146
- CONFIRM: http://support.apple.c...
- APPLE: APPLE-SA-2011-10-12-3
- SUSE: SUSE-SR:2011:009
- CONFIRM: http://svn.php.net/vie...
- HP: HPSBOV02763
- HP: SSRT100826
- XF: libzip-zipnamelocate-d...
- BUGTRAQ: 20110318 libzip 0.9.3 ...
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)