Unrated severityNVD Advisory· Published Jan 18, 2012· Updated Apr 29, 2026

CVE-2011-4153

Description

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

Affected products

PHP/PHP
cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2012-01/0092.htmlnvdExploit
cxsecurity.com/research/103nvdExploit
www.exploit-db.com/exploits/18370/nvdExploit
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.htmlnvd
lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.htmlnvd
lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.htmlnvd
marc.infonvd
secunia.com/advisories/48668nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000