Your submission was sent successfully! Close

CVE-2011-4885

Published: 29 December 2011

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
hardy
Released (5.2.4-2ubuntu5.22)
lucid
Released (5.3.2-1ubuntu4.13)
maverick
Released (5.3.3-1ubuntu9.9)
natty
Released (5.3.5-1ubuntu7.6)
oneiric
Released (5.3.6-13ubuntu3.5)
upstream
Released (5.3.9)
Patches:
upstream: http://svn.php.net/viewvc?view=revision&revision=321003
upstream: http://svn.php.net/viewvc?view=revision&revision=321040