CVE-2011-4153

Name of the Vulnerable Software and Affected Versions PHP version 5.3.8

Description The issue is related to the zend strndup function not always checking its return value, potentially allowing remote attackers to cause a denial of service through a NULL pointer dereference and application crash. This could be achieved by providing crafted input to an application that performs strndup operations on untrusted string data. The affected functions include the define function in zend builtin functions.c, and unspecified functions in ext/soap/php sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com dotnet/com typeinfo.c, and main/php open temporary file.c.

Recommendations For PHP version 5.3.8, consider updating to a newer version to mitigate the risk, as the current version does not properly handle return values from the zend strndup function, leading to potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.