CVE - CVE-2011-1153

CVE-ID
CVE-2011-1153	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:43744 URL:http://secunia.com/advisories/43744 MISC:46854 URL:http://www.securityfocus.com/bid/46854 MISC:ADV-2011-0744 URL:~~http://www.vupen.com/english/advisories/2011/0744~~ (Obsolete source) MISC:ADV-2011-0764 URL:~~http://www.vupen.com/english/advisories/2011/0764~~ (Obsolete source) MISC:ADV-2011-0890 URL:~~http://www.vupen.com/english/advisories/2011/0890~~ (Obsolete source) MISC:APPLE-SA-2011-10-12-3 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html MISC:DSA-2266 URL:http://www.debian.org/security/2011/dsa-2266 MISC:FEDORA-2011-3614 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html MISC:FEDORA-2011-3636 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html MISC:FEDORA-2011-3666 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html MISC:MDVSA-2011:052 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:052~~ (Obsolete source) MISC:MDVSA-2011:053 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:053~~ (Obsolete source) MISC:[oss-security] 20110314 CVE request: format-string vulnerability in PHP Phar extension URL:http://openwall.com/lists/oss-security/2011/03/14/13 MISC:[oss-security] 20110314 Re: CVE request: format-string vulnerability in PHP Phar extension URL:http://openwall.com/lists/oss-security/2011/03/14/14 MISC:[oss-security] 20110314 Re: CVE request: format-string vulnerability in PHP Phar extension URL:http://openwall.com/lists/oss-security/2011/03/14/24 MISC:http://bugs.php.net/bug.php?id=54247 URL:http://bugs.php.net/bug.php?id=54247 MISC:http://support.apple.com/kb/HT5002 URL:http://support.apple.com/kb/HT5002 MISC:http://svn.php.net/viewvc?view=revision&revision=309221 URL:http://svn.php.net/viewvc?view=revision&revision=309221 MISC:http://www.php.net/ChangeLog-5.php URL:http://www.php.net/ChangeLog-5.php MISC:http://www.php.net/archive/2011.php URL:http://www.php.net/archive/2011.php MISC:http://www.php.net/releases/5_3_6.php URL:http://www.php.net/releases/5_3_6.php MISC:https://bugzilla.redhat.com/show_bug.cgi?id=688378 URL:https://bugzilla.redhat.com/show_bug.cgi?id=688378 MISC:php-pharobject-format-string(66079) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/66079
Assigning CNA
Red Hat, Inc.
Date Record Created
20110303	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110303)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.