#VU45190 Input validation error in PHP
Vulnerability identifier: #VU45190
Vulnerability risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
PHP
Universal components / Libraries /
Scripting languages
Vendor: PHP Group
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
Mitigation
Install update from vendor's website.
Vulnerable software versions
PHP: 3.0 - 3.0.18, 4.0 - 4.0.7, 4.1.0 - 4.1.2, 4.2.0 - 4.2.3, 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.3.0 - 5.3.4
External links
http://bugs.php.net/bug.php?id=49072
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://support.apple.com/kb/HT5002
http://www.debian.org/security/2011/dsa-2266
http://www.mandriva.com/security/advisories?name=MDVSA-2011:052
http://www.mandriva.com/security/advisories?name=MDVSA-2011:053
http://www.php.net/ChangeLog-5.php
http://www.redhat.com/support/errata/RHSA-2011-1423.html
http://www.securityfocus.com/bid/46975
http://www.vupen.com/english/advisories/2011/0744
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
