CVE-2011-1470

PHP <5.3.6 - DoS

Title source: llm

Description

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by paulgao · phpdosphp

https://www.exploit-db.com/exploits/35484

View Code ZIP pw:eip

References (8)

[Mailing List] http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

[Exploit] http://bugs.php.net/bug.php?id=53579

[Vendor Advisory] http://support.apple.com/kb/HT5002

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2011:052

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2011:053

[Vendor Advisory] http://www.php.net/ChangeLog-5.php

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/46969

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0744

Scores

EPSS 0.0306

EPSS Percentile 86.7%

Details

CWE

CWE-20

Status published

Products (45)

php/php 1.0

php/php 2.0

php/php 2.0b10

php/php 3.0

php/php 3.0.1

php/php 3.0.2

php/php 3.0.3

php/php 3.0.4

php/php 3.0.5

php/php 3.0.6

... and 35 more

Published Mar 20, 2011

Tracked Since Feb 18, 2026