FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- ZipArchive segfault with FL_UNCHANGED on empty archive

Affected packages
php5-zip < 5.3.6

Details

VuXML ID fe853666-56ce-11e0-9668-001fd0d616cf
Discovery 2011-03-20
Entry 2011-03-25

US-CERT/NIST reports:

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

[source]

References

CVE Name CVE-2011-0421

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.