Main Vulnerability Database Exploits ID:4422 - Exploit for Input validation error in PHP - CVE-2011-3182

ID:4422 - Exploit for Input validation error in PHP - CVE-2011-3182

Published: August 11, 2020

Vulnerability identifier: #VU44783

Vulnerability risk: Medium

CVE-ID: CVE-2011-3182

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/36070/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

Remediation

Install update from vendor's website.

ID:4422 - Exploit for Input validation error in PHP - CVE-2011-3182

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human