Vulnerability-Lookup

BDU:2022-02615

Vulnerability from fstec - Published: 20.03.2011

Title

Уязвимость функции SdnToJulian интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции SdnToJulian интерпретатора языка программирования PHP связана с ошибками обработки чисел. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Vendor

Red Hat Inc., Novell Inc., Canonical Ltd., Сообщество свободного программного обеспечения, PHP Group

Software Name

Red Hat Enterprise Linux, OpenSUSE Leap, Ubuntu, Debian GNU/Linux, PHP

Software Version

4 (Red Hat Enterprise Linux), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 10.10 (Ubuntu), 9.10 (Ubuntu), 11.04 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.04 (Ubuntu), 5.2.10 (PHP), 5.2.4 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 4.3.10 (PHP), 4.3.6 (PHP), 4.3.5 (PHP), 4.3.7 (PHP), 4.1.2 (PHP), 4.1.1 (PHP), 4.4.9 (PHP), 4.4.1 (PHP), 4.0beta 4 patch1 (PHP), 4.0beta3 (PHP), 4.0.7 (PHP), 3.0.11 (PHP), 3.0.18 (PHP), 3.0.4 (PHP), 3.0.8 (PHP), 3.0.5 (PHP), 5.3.4 (PHP), 5.3.2 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP), 5.3.1 (PHP), 4.3.1 (PHP), 4.4.8 (PHP), 4.2.0 (PHP), 4.3.0 (PHP), 4.4.4 (PHP), 4.0beta1 (PHP), 4.0.5 (PHP), 4.0.4 (PHP), 3.0.10 (PHP), 3.0.3 (PHP), 3.0.6 (PHP), 5.2.16 (PHP), 5.0.0 (PHP), 4.3.11 (PHP), 4.3.4 (PHP), 4.2.2 (PHP), 4.4.5 (PHP), 4.4.2 (PHP), 4.4.3 (PHP), 4.0.1 (PHP), 4.0.0 (PHP), 4.0.3 (PHP), 4.0.2 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 4.3.2 (PHP), 4.2.3 (PHP), 4.4.0 (PHP), 4.0beta2 (PHP), 3.0.13 (PHP), 3.0.15 (PHP), 2.0b10 (PHP), 5.3.3 (PHP), 5.2.6 (PHP), 5.2.9 (PHP), 5.0.0rc1 (PHP), 4.2.1 (PHP), 4.3.8 (PHP), 4.3.9 (PHP), 4.0beta4 (PHP), 4.0.6 (PHP), 3.0.7 (PHP), 3.0.12 (PHP), 3.0.1 (PHP), 3.0.14 (PHP), 3.0.17 (PHP), 2.0 (PHP), 1.0 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.0.5 (PHP), 5.0.1 (PHP), 4.3.3 (PHP), 3.0 (PHP), 3.0.16 (PHP), 3.0.9 (PHP), 4.4.6 (PHP), 4.4.7 (PHP), 4.1.0 (PHP), 3.0.2 (PHP), 5 (Debian GNU/Linux), 6.06 (Ubuntu), 4.0 (PHP), до 5.3.5 включительно (PHP)

Possible Mitigations

Использование рекомендаций: https://www.php.net/ChangeLog-5.php Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2011-1466 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1466.xml Для Ubuntu: https://ubuntu.com/security/CVE-2011-1466 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2011-1466

Reference

http://bugs.php.net/bug.php?id=53574 http://www.php.net/ChangeLog-5.php http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 http://www.mandriva.com/security/advisories?name=MDVSA-2011:053 http://www.vupen.com/english/advisories/2011/0744 http://www.debian.org/security/2011/dsa-2266 http://www.securityfocus.com/bid/46967 http://support.apple.com/kb/HT5002 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://www.redhat.com/support/errata/RHSA-2011-1423.html http://secunia.com/advisories/48668 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html http://rhn.redhat.com/errata/RHSA-2012-0071.html

CWE

CWE-189

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Novell Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, PHP Group",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "4 (Red Hat Enterprise Linux), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 10.10 (Ubuntu), 9.10 (Ubuntu), 11.04 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.04 (Ubuntu), 5.2.10 (PHP), 5.2.4 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 4.3.10 (PHP), 4.3.6 (PHP), 4.3.5 (PHP), 4.3.7 (PHP), 4.1.2 (PHP), 4.1.1 (PHP), 4.4.9 (PHP), 4.4.1 (PHP), 4.0beta 4 patch1 (PHP), 4.0beta3 (PHP), 4.0.7 (PHP), 3.0.11 (PHP), 3.0.18 (PHP), 3.0.4 (PHP), 3.0.8 (PHP), 3.0.5 (PHP), 5.3.4 (PHP), 5.3.2 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP), 5.3.1 (PHP), 4.3.1 (PHP), 4.4.8 (PHP), 4.2.0 (PHP), 4.3.0 (PHP), 4.4.4 (PHP), 4.0beta1 (PHP), 4.0.5 (PHP), 4.0.4 (PHP), 3.0.10 (PHP), 3.0.3 (PHP), 3.0.6 (PHP), 5.2.16 (PHP), 5.0.0 (PHP), 4.3.11 (PHP), 4.3.4 (PHP), 4.2.2 (PHP), 4.4.5 (PHP), 4.4.2 (PHP), 4.4.3 (PHP), 4.0.1 (PHP), 4.0.0 (PHP), 4.0.3 (PHP), 4.0.2 (PHP), 5.3.0 (PHP), 5.2.12 (PHP), 5.2.0 (PHP), 5.2.7 (PHP), 5.2.15 (PHP), 4.3.2 (PHP), 4.2.3 (PHP), 4.4.0 (PHP), 4.0beta2 (PHP), 3.0.13 (PHP), 3.0.15 (PHP), 2.0b10 (PHP), 5.3.3 (PHP), 5.2.6 (PHP), 5.2.9 (PHP), 5.0.0rc1 (PHP), 4.2.1 (PHP), 4.3.8 (PHP), 4.3.9 (PHP), 4.0beta4 (PHP), 4.0.6 (PHP), 3.0.7 (PHP), 3.0.12 (PHP), 3.0.1 (PHP), 3.0.14 (PHP), 3.0.17 (PHP), 2.0 (PHP), 1.0 (PHP), 5.2.8 (PHP), 5.2.2 (PHP), 5.2.17 (PHP), 5.0.5 (PHP), 5.0.1 (PHP), 4.3.3 (PHP), 3.0 (PHP), 3.0.16 (PHP), 3.0.9 (PHP), 4.4.6 (PHP), 4.4.7 (PHP), 4.1.0 (PHP), 3.0.2 (PHP), 5 (Debian GNU/Linux), 6.06 (Ubuntu), 4.0 (PHP), \u0434\u043e 5.3.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PHP)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.php.net/ChangeLog-5.php\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2011-1466\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1466.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2011-1466\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2011-1466",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.03.2011",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02615",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2011-1466",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, OpenSUSE Leap, Ubuntu, Debian GNU/Linux, PHP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 4 , Red Hat Inc. Red Hat Enterprise Linux 5 , Red Hat Inc. Red Hat Enterprise Linux 6 , Novell Inc. OpenSUSE Leap 15.0 , Canonical Ltd. Ubuntu 10.10 , Canonical Ltd. Ubuntu 9.10 , Canonical Ltd. Ubuntu 11.04 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 , Canonical Ltd. Ubuntu 10.04 , Canonical Ltd. Ubuntu 8.04 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 5 , Canonical Ltd. Ubuntu 6.06 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 SdnToJulian \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438, \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u044e\u0449\u0438\u0435 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0447\u0438\u0441\u0435\u043b (CWE-189)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 SdnToJulian \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0447\u0438\u0441\u0435\u043b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://bugs.php.net/bug.php?id=53574\nhttp://www.php.net/ChangeLog-5.php\nhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:052\nhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:053\nhttp://www.vupen.com/english/advisories/2011/0744\nhttp://www.debian.org/security/2011/dsa-2266\nhttp://www.securityfocus.com/bid/46967\nhttp://support.apple.com/kb/HT5002\nhttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html\nhttp://www.redhat.com/support/errata/RHSA-2011-1423.html\nhttp://secunia.com/advisories/48668\nhttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html\nhttp://rhn.redhat.com/errata/RHSA-2012-0071.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-189",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,7)"
}

CVE-2011-1466 (GCVE-0-2011-1466)

Vulnerability from cvelistv5 – Published: 2011-03-20 01:00 – Updated: 2024-08-06 22:28

Summary

Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://bugs.php.net/bug.php?id=53574	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/46967	vdb-entryx_refsource_BID
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.debian.org/security/2011/dsa-2266	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.php.net/ChangeLog-5.php	x_refsource_CONFIRM
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/48668	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-14…	vendor-advisoryx_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2011/0744	vdb-entryx_refsource_VUPEN
	http://rhn.redhat.com/errata/RHSA-2012-0071.html	vendor-advisoryx_refsource_REDHAT
	http://support.apple.com/kb/HT5002	x_refsource_CONFIRM

Date Public ?

2011-03-17 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.php.net/bug.php?id=53574"
          },
          {
            "name": "46967",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46967"
          },
          {
            "name": "MDVSA-2011:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053"
          },
          {
            "name": "DSA-2266",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2266"
          },
          {
            "name": "openSUSE-SU-2012:0426",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php"
          },
          {
            "name": "APPLE-SA-2011-10-12-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
          },
          {
            "name": "48668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48668"
          },
          {
            "name": "RHSA-2011:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
          },
          {
            "name": "MDVSA-2011:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:052"
          },
          {
            "name": "ADV-2011-0744",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0744"
          },
          {
            "name": "RHSA-2012:0071",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0071.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-04-09T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.php.net/bug.php?id=53574"
        },
        {
          "name": "46967",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46967"
        },
        {
          "name": "MDVSA-2011:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053"
        },
        {
          "name": "DSA-2266",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2266"
        },
        {
          "name": "openSUSE-SU-2012:0426",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php"
        },
        {
          "name": "APPLE-SA-2011-10-12-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
        },
        {
          "name": "48668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48668"
        },
        {
          "name": "RHSA-2011:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
        },
        {
          "name": "MDVSA-2011:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:052"
        },
        {
          "name": "ADV-2011-0744",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0744"
        },
        {
          "name": "RHSA-2012:0071",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0071.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5002"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1466",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.php.net/bug.php?id=53574",
              "refsource": "CONFIRM",
              "url": "http://bugs.php.net/bug.php?id=53574"
            },
            {
              "name": "46967",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46967"
            },
            {
              "name": "MDVSA-2011:053",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053"
            },
            {
              "name": "DSA-2266",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2266"
            },
            {
              "name": "openSUSE-SU-2012:0426",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/ChangeLog-5.php"
            },
            {
              "name": "APPLE-SA-2011-10-12-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
            },
            {
              "name": "48668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48668"
            },
            {
              "name": "RHSA-2011:1423",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html"
            },
            {
              "name": "MDVSA-2011:052",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:052"
            },
            {
              "name": "ADV-2011-0744",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0744"
            },
            {
              "name": "RHSA-2012:0071",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0071.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5002",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5002"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1466",
    "datePublished": "2011-03-20T01:00:00.000Z",
    "dateReserved": "2011-03-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:28:41.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-02615

CVE-2011-1466 (GCVE-0-2011-1466)

Tags

Sightings

Nomenclature