Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2011-03-16 22:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-1153
Mitre link : CVE-2011-1153
CVE.ORG link : CVE-2011-1153
JSON object : View
Products Affected
php
- php
CWE
CWE-134
Use of Externally-Controlled Format String