CVE-2011-0420

Severity

50%

Complexity

99%

Confidentiality

48%

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 14 years ago

2011-02-19 01:00:00

Last updated 6 years ago

2018-10-10 20:09:00

Affected Software

PHP 5.3.5

5.3.5

References

APPLE-SA-2011-10-12-3

20110217 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference

Exploit

8087

http://support.apple.com/kb/HT5002

http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449

Patch

DSA-2266

16182

VU#210829

US Government Resource

20110216 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference

20110217 Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference

46429

Exploit

php-graphemeextract-dos(65437)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.