CVE-2011-4885

Published: 29 December 2011

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian 		Upstream
Released (5.3.9)
Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=321003
Upstream: http://svn.php.net/viewvc?view=revision&revision=321040

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading