Summary: | dev-lang/php: use-after-free in substr_replace() (CVE-2011-1148) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alexanderyt, php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.php.net/bug.php?id=54238 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2011-03-15 05:04:05 UTC
CVE-2011-1148 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1148): Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

Security Enhancements and Fixes in PHP 5.3.7: [..] Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)

Please add glsa request.

Thanks, everyone. Added to existing request.

This issue was resolved and addressed in GLSA 201110-06 at http://security.gentoo.org/glsa/glsa-201110-06.xml by GLSA coordinator Tobias Heinlein (keytoaster).