CVE-2011-4885
Published: 29 December 2011
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
php5 Launchpad, Ubuntu, Debian |
hardy |
Released
(5.2.4-2ubuntu5.22)
|
| lucid |
Released
(5.3.2-1ubuntu4.13)
|
|
| maverick |
Released
(5.3.3-1ubuntu9.9)
|
|
| natty |
Released
(5.3.5-1ubuntu7.6)
|
|
| oneiric |
Released
(5.3.6-13ubuntu3.5)
|
|
| upstream |
Released
(5.3.9)
|
|
|
Patches: upstream: http://svn.php.net/viewvc?view=revision&revision=321003 upstream: http://svn.php.net/viewvc?view=revision&revision=321040 |
||