BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

PHP grapheme_extract() NULL Pointer Dereference

Disclosed February 17, 2011    Fully Patched

Vulnerability Description:

PHP contains a NULL Pointer Dereference vulnerability when handling calls to the grapheme_extract() function. Successful exploitation yields a denial of service condition.

Vendors:

PHP

Vulnerable Software/Devices:

PHP 5.3.5

Vulnerability Severity:

Medium

Exploit Availability:

N/A

Exploit Impact:

Denial of Service
Denial of service condition, causing the system to become unresponsive or crashing the vulnerable components. This vulnerability may potentially allow for the compromise of the target system.

BeyondTrust Prevention and Detection:

Mitigation:

A fix has been included in the source repository but has not been applied to the stable release yet.

Links:

CVE(s):

None