CVE-2011-0421

PHP < 5.3.6 - Denial of Service via Empty ZIP Archive in Zip Extension

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0421. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary This exploit demonstrates a NULL pointer dereference vulnerability in libzip 0.9.3 and PHP 5.3.5 when the ZIP_FL_UNCHANGED flag is set, leading to a denial of service (DoS). The PoC triggers a crash by calling locateName or statName on an empty ZIP file with the flag.

Description

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

Exploits (1)

exploitdb WORKING POC

by Maksymilian Arciemowicz · textdoslinux

https://www.exploit-db.com/exploits/17004

View Code ZIP pw:eip

This exploit demonstrates a NULL pointer dereference vulnerability in libzip 0.9.3 and PHP 5.3.5 when the ZIP_FL_UNCHANGED flag is set, leading to a denial of service (DoS). The PoC triggers a crash by calling locateName or statName on an empty ZIP file with the flag.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: libzip 0.9.3, PHP 5.3.5

No auth needed

Prerequisites: Empty ZIP file or /dev/null · PHP with ZipArchive extension

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (27)

Core 27

Core References

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:099

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=133469208622507&w=2

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0764

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8146

Exploit, Patch x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=688735

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43621

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:053

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2011/dsa-2266

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0890

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/66173

Release Notes x_refsource_confirm

http://www.php.net/releases/5_3_6.php

Patch x_refsource_confirm

http://svn.php.net/viewvc/?view=revision&revision=307867

Third Party Advisory third-party-advisory x_refsource_sreasonres

http://securityreason.com/achievement_securityalert/96

Vendor Advisory x_refsource_confirm

http://www.php.net/ChangeLog-5.php

Vendor Advisory x_refsource_confirm

http://www.php.net/archive/2011.php

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/517065/100/0/threaded

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/17004

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:052

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0744

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/46354

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT5002

Exploit x_refsource_confirm

http://bugs.php.net/bug.php?id=53885

Scores

EPSS 0.1351

EPSS Percentile 96.0%

Details

Status published

Products (45)

php/php 1.0

php/php 2.0

php/php 2.0b10

php/php 3.0

php/php 3.0.1

php/php 3.0.2

php/php 3.0.3

php/php 3.0.4

php/php 3.0.5

php/php 3.0.6

... and 35 more

Published Mar 20, 2011

Tracked Since Feb 18, 2026