cbcvebase.
CVE-2010-3709
published 2010-11-09

CVE-2010-3709: The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service…

PriorityP424medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
13.33%
95.9th percentile
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

Affected

7 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
phpphp>= 5.2.0 < 5.2.155.2.15
phpphp>= 5.3.0 < 5.3.45.3.4

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_ubuntu6.8MEDIUM
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.