Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.019 Low |
EPSS Percentile | 88.4% |

Stack-based buffer overflow in the socket_connect function in
ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow
context-dependent attackers to execute arbitrary code via a long pathname
for a UNIX socket.
Author | Note |
---|---|
jdstrand | PoC in http://www.exploit-db.com/exploits/17318/; stack-protector should reduce to DoS, downgrading to low |
mdeslaur | says 5.3.3, but reproducer works on lucid also; another PoC: http://www.exploit-db.com/exploits/17486/ |
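
A bounds-checked way to fill `sockaddr_un.sun_path`, the fixed-size field that holds a UNIX socket pathname, showing the length check whose absence produces the kind of stack overflow described above. This is an added example, not PHP's code or its patch; `fill_unix_addr` is a hypothetical helper and the sample paths are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/*
 * Hypothetical helper (not PHP's code): build an AF_UNIX address from a
 * caller-supplied path of path_len bytes.
 *
 * The unsafe pattern it replaces is an unchecked copy such as
 *     memcpy(addr.sun_path, path, path_len);
 * where addr lives on the stack and path_len comes from the caller.
 * sun_path is a small fixed array (108 bytes on Linux), so a longer path
 * writes past it into the rest of the stack frame.
 *
 * Returns 0 on success, -1 with errno set on rejection.
 */
int fill_unix_addr(struct sockaddr_un *out, const char *path, size_t path_len)
{
    if (out == NULL || path == NULL || path_len == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Reject rather than truncate: a silently shortened path could name a
     * different socket. ">=" reserves one byte for the terminating NUL. */
    if (path_len >= sizeof(out->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(out, 0, sizeof(*out));           /* also NUL-terminates sun_path */
    out->sun_family = AF_UNIX;
    memcpy(out->sun_path, path, path_len);  /* bounded by the check above */
    return 0;
}

int main(void)
{
    struct sockaddr_un addr;
    const char *ok = "/tmp/app.sock";       /* constructed sample path */
    char too_long[4096];                    /* constructed oversized input */
    memset(too_long, 'A', sizeof(too_long));

    printf("short path: %d\n", fill_unix_addr(&addr, ok, strlen(ok)));
    printf("long path:  %d\n", fill_unix_addr(&addr, too_long, sizeof(too_long)));
    return 0;
}
```

Compiling with `-fstack-protector-strong` in addition to the check matches the note above that a stack protector should reduce the impact to a crash.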