CVE-2011-1148

Published: 18 March 2011

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=310194

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading