Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-03-16 15:55
Updated : 2017-08-16 18:33
NVD link : CVE-2011-1153
Mitre link : CVE-2011-1153
JSON object : View
CWE
CWE-134
Use of Externally-Controlled Format String
Products Affected
php
- php