CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.019 Low
Percentile: 88.5%
Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities:
A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)
A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)
A code execution vulnerability exists in ZipArchive::addGlob(). (CVE-2011-1657)
crypt_blowfish was updated to 1.2. (CVE-2011-2483)
Multiple null pointer dereferences exist.
An unspecified crash exists in error_log().
A buffer overflow vulnerability exists in crypt().
A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268
php.net/ChangeLog-5.php#5.3.7
securityreason.com/achievement_securityalert/101
securityreason.com/exploitalert/10738
www.php.net/releases/5.3.7.php
bugs.php.net/bug.php?id=52523
bugs.php.net/bug.php?id=54238
bugs.php.net/bug.php?id=54681
bugs.php.net/bug.php?id=54939
bugs.php.net/bug.php?id=55169