CVE-2011-1464 in Ubuntu

CVE-2011-1464

Priority

Medium

Description

Buffer overflow in the strval function in PHP before 5.3.6, when the
precision configuration option has a large value, might allow
context-dependent attackers to cause a denial of service (application
crash) via a small numerical value in the argument.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1464
http://www.ubuntu.com/usn/usn-1126-1

Bugs

http://bugs.php.net/bug.php?id=54055

Assigned-to

sbeattie

Package

Source: php5 (LP Ubuntu Debian)

Upstream:	released (5.3.6)
Ubuntu 8.04 LTS (Hardy Heron):	released (5.2.4-2ubuntu5.15)
Ubuntu 10.04 LTS (Lucid Lynx):	released (5.3.2-1ubuntu4.8)
Ubuntu 11.04 (Natty Narwhal):	released (5.3.5-1ubuntu7.1)
Ubuntu 11.10 (Oneiric Ocelot):	not-affected (5.3.5-1ubuntu7.2)

Patches:

Upstream:

http://svn.php.net/viewvc?view=revision&revision=308525

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2012-06-01 15:22:01 UTC (commit 5347)