CVE-2011-1468

PHP <5.3.6 - Memory Corruption

Title source: llm

Description

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.

Exploits (2)

exploitdb WORKING POC VERIFIED

by dovbysh · phpdosphp

https://www.exploit-db.com/exploits/35486

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by dovbysh · phpdosphp

https://www.exploit-db.com/exploits/35487

View Code ZIP pw:eip

References (9)

[Mailing List] http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

[Vendor Advisory] http://www.php.net/ChangeLog-5.php

[Exploit] http://bugs.php.net/bug.php?id=54060

[Exploit] http://bugs.php.net/bug.php?id=54061

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2011:053

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2011-1423.html

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0744

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/46977

[Vendor Advisory] http://support.apple.com/kb/HT5002

Scores

EPSS 0.0683

EPSS Percentile 91.4%

Details

CWE

CWE-399

Status published

Products (45)

php/php 1.0

php/php 2.0

php/php 2.0b10

php/php 3.0

php/php 3.0.1

php/php 3.0.2

php/php 3.0.3

php/php 3.0.4

php/php 3.0.5

php/php 3.0.6

... and 35 more

Published Mar 20, 2011

Tracked Since Feb 18, 2026