CVE-2011-1148

Published: 18 March 2011

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=310194