CVE-2010-3709
published 2010-11-09
CVE-2010-3709: The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service…
Priority P424 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 13.33% (95.9th percentile)
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| php | php | >= 5.2.0 < 5.2.15 | 5.2.15 |
| php | php | >= 5.3.0 < 5.3.4 | 5.3.4 |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_ubuntu · 6.8 MEDIUM
vendor_redhat · 4.3 MEDIUM
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2011-01-11·CVSS 6.8
CVE-2010-4409 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
It was discovered that an integer overflow in the XML UTF-8 decoding
code could allow an attacker to bypass cross-site scripting (XSS)
protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,
and Ubuntu 9.10. (CVE-2009-5016)
It was discovered that the XML UTF-8 decoding code did not properly
handle non-shortest form UTF-8 encoding and ill-formed subsequences
in UTF-8 data, which could allow an attacker to bypass cross-site
scripting (XSS) protections. (CVE-2010-3870)
It was discovered that attackers might be able to bypass open_basedir()
restrictions by passing a specially crafted filename. (CVE-2010-3436)
Maksymilian Arciemowicz discovered that a NULL pointer dereference in the
ZIP archive handling code could allow an attacker to cause a denial
Red Hat
php: NULL pointer dereference in ZipArchive::getArchiveComment
vendor_redhat·2010-10-19·CVSS 4.3
CVE-2010-3709 [MEDIUM] CWE-476 php: NULL pointer dereference in ZipArchive::getArchiveComment
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
Statement: This issue did not affect the version of PHP as shipped with Red Hat Enterprise Linux 3, 4 or 5.
Package: php53 (Red Hat Enterprise Linux 5) - Affected
GHSA
GHSA-rh65-964j-gj4h: The ZipArchive::getArchiveComment function in PHP 5
ghsa_unreviewed·2022-05-17
CVE-2010-3709 [MEDIUM] CWE-20 GHSA-rh65-964j-gj4h: The ZipArchive::getArchiveComment function in PHP 5
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
No detection rules found.
Bugzilla
CVE-2010-3709 php: NULL pointer dereference in ZipArchive::getArchiveComment
bugzilla·2010-11-09·CVSS 4.3
CVE-2010-3709 [MEDIUM] CVE-2010-3709 php: NULL pointer dereference in ZipArchive::getArchiveComment
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3709 to
the following vulnerability:
Name: CVE-2010-3709
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709
Assigned: 20101001
Reference: SREASONRES:20101105 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
Reference: URL: http://securityreason.com/achievement_securityalert/90
Reference: EXPLOIT-DB:15431
Reference: URL: http://www.exploit-db.com/exploits/15431
Reference: CONFIRM: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log
Reference: CONFIRM: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log
Reference: MANDRIVA:MDVSA-2010:218
Reference:
URL:
Bugzilla
CVE-2009-5016 CVE-2010-3870 CVE-2010-3709 CVE-2010-4156 php various flaws [fedora-all]
bugzilla·2010-11-03·CVSS 6.8
CVE-2009-5016 [MEDIUM] CVE-2009-5016 CVE-2010-3870 CVE-2010-3709 CVE-2010-4156 php various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=649056
Please note: this issue affe
Published: 2010-11-09