CVE-2009-1272
Published Apr 8, 2009
Last updated 15 years ago
Overview
- Description
- The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Vendor comments
- Red HatNot vulnerable. This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1 and v2. This problem was introduced in the fix for CVE-2008-5658. Patch for CVE-2008-5658 as used in Red Hat Application Stack v2 also includes the fix for this crash too.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99"
},
{
"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3"
},
{
"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17"
},
{
"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B"
},
{
"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F"
},
{
"criteria": "cpe:2.3:a:php:php:5.2.4:*:windows:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F526115E-A68E-4B10-AA6A-9CD26CB81AF3"
},
{
"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103"
},
{
"criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3"
},
{
"criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC"
},
{
"criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426"
}
],
"operator": "OR"
}
]
}
]