Veracode Vulnerability DatabaseVERACODE:23308Denial Of Service (DoS)
EPSS
Percentile
89.6%
php is vulnerable to denial of service (DoS). The vulnerability exists as it was discovered that the PHP fnmatch() function did not restrict the length of the string argument. An attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted input data.
References
lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
osvdb.org/38686
secunia.com/advisories/27102
secunia.com/advisories/28658
secunia.com/advisories/30828
secunia.com/advisories/31119
secunia.com/advisories/31200
securityreason.com/securityalert/3109
www.gentoo.org/security/en/glsa/glsa-200710-02.xml
www.mandriva.com/security/advisories?name=MDVSA-2009:022
www.mandriva.com/security/advisories?name=MDVSA-2009:023
www.redhat.com/docs/en-US/Red_Hat_Application_Stack/2.1/html-single/Release_Notes/
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2008-0505.html
www.redhat.com/support/errata/RHSA-2008-0544.html
www.redhat.com/support/errata/RHSA-2008-0545.html
www.redhat.com/support/errata/RHSA-2008-0582.html
www.securityfocus.com/archive/1/478626/100/0/threaded
www.securityfocus.com/archive/1/478630/100/0/threaded
www.securityfocus.com/archive/1/478726/100/0/threaded
www.ubuntu.com/usn/usn-628-1
access.redhat.com/errata/RHSA-2008:0505
exchange.xforce.ibmcloud.com/vulnerabilities/36457
exchange.xforce.ibmcloud.com/vulnerabilities/36461
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10897
www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
Related
