FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2a41233d-10e7-11e0-becc-0022156e8794php-zip -- multiple Denial of Service vulnerabilities

The following DoS conditions in Zip extension were fixed in PHP 5.3.4 and PHP 5.2.15:

  • Fixed crash in zip extract method (possible CWE-170).

  • The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

Discovery 2010-12-13
Entry 2011-01-13
lt 5.3.4

lt 5.2.15

fe853666-56ce-11e0-9668-001fd0d616cfphp -- ZipArchive segfault with FL_UNCHANGED on empty archive

US-CERT/NIST reports:

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

Discovery 2011-03-20
Entry 2011-03-25
lt 5.3.6