DEBIAN-CVE-2011-0421

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2011-0421

Downstream

DSA-2266-1

Published: 20 Mar 2011, 02:00

Last modified:28 Apr 2026, 20:06

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Mar 2011, 02:00

Published

Vulnerability first disclosed

28 Apr 2026, 20:06

Last Modified

Vulnerability information updated

Description

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

Affected Systems

debian•libzip
< 0.10-1 | < 0.10-1 | < 0.10-1 | < 0.10-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2011-0421