Launchpad CVE tracker

CVE 2011-4885

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Related bugs and status

CVE-2011-4885 (Candidate) is related to these bugs:

Bug #910296: Please backport the upstream patch to prevent attacks based on hash collisions

		In	Importance	Status
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Lucid)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Oneiric)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Maverick)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Hardy)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Natty)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Precise)	Medium	Fix Released

Bug #925772: UPDATE REQUEST: php53u 5.3.10 is available upstream

Summary				In	Importance	Status
	925772	UPDATE REQUEST: php53u 5.3.10 is available upstream		IUS Community Project	Undecided	Fix Released
	925772	UPDATE REQUEST: php53u 5.3.10 is available upstream		php5 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-4885

References