CVE-2011-0420

Published: 18 February 2011

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

Priority

Medium

Status

Package: php5 (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Released (5.3.6RC1)

Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=306449

Notes

Author: mdeslaur
Note: ICU support introduced in 5.3.0, so <lucid is not affected.

References