Vulnerability Details : CVE-2011-1471
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-1471
Probability of exploitation activity in the next 30 days: 3.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1471
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
[email protected] |
CWE ids for CVE-2011-1471
-
Assigned by: [email protected] (Primary)
References for CVE-2011-1471
-
http://bugs.php.net/bug.php?id=49072
Exploit;Vendor Advisory
-
http://www.vupen.com/english/advisories/2011/0744
Permissions Required
-
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Mailing List;Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
Broken Link
-
http://www.redhat.com/support/errata/RHSA-2011-1423.html
Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
Broken Link
-
http://www.debian.org/security/2011/dsa-2266
Third Party Advisory
-
http://www.securityfocus.com/bid/46975
Third Party Advisory;VDB Entry
-
http://www.php.net/ChangeLog-5.php
Vendor Advisory
-
http://support.apple.com/kb/HT5002
Third Party Advisory
Products affected by CVE-2011-1471
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*