FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-1148

This CVE name corresponds to:

Entered Topic
2011-08-20 php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2011-1148 at cve.mitre.org

Details

Type Candidate
Name CVE-2011-1148
Phase Assigned(20110303)

Description

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

References

Source Reference
MLIST [oss-security] 20110313 CVE request: PHP substr_replace() use-after-free
MLIST [oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free
MLIST [oss-security] 20110313 Re: CVE request: PHP substr_replace() use-after-free
CONFIRM http://bugs.php.net/bug.php?id=54238
CONFIRM http://www.php.net/ChangeLog-5.php#5.3.7
CONFIRM http://www.php.net/archive/2011.php#id2011-08-18-1
CONFIRM http://support.apple.com/kb/HT5130
APPLE APPLE-SA-2012-02-01-1
MANDRIVA MDVSA-2011:165
REDHAT RHSA-2011:1423
BID 46843
BID 49241
XF php-substrreplace-code-exec(66080)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.