CVE-2010-3870
Published 2010-11-12
Priority: P341, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 11.28% (95.4th percentile)
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Affected
83 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| php | php | < 5.2.14 | 5.2.14 |
| php | php | <= 5.2.10 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 6.8 MEDIUM
vendor_ubuntu · 6.8 MEDIUM
GHSA
CVE-2010-3870 [MEDIUM] CWE-20 GHSA-gvvf-r2h9-2v8x: The utf8_decode function in PHP before 5
ghsa_unreviewed · 2022-05-14
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
GHSA
CVE-2009-5016 [MEDIUM] GHSA-8fg6-84xm-jg65: Integer overflow in the xml_utf8_decode function in ext/xml/xml
ghsa_unreviewed · 2022-05-02 · CVSS 6.8
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.
Ubuntu
CVE-2010-4409 [MEDIUM] PHP vulnerabilities
vendor_ubuntu · 2011-01-11 · CVSS 6.8
It was discovered that an integer overflow in the XML UTF-8 decoding
code could allow an attacker to bypass cross-site scripting (XSS)
protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,
and Ubuntu 9.10. (CVE-2009-5016)
It was discovered that the XML UTF-8 decoding code did not properly
handle non-shortest form UTF-8 encoding and ill-formed subsequences
in UTF-8 data, which could allow an attacker to bypass cross-site
scripting (XSS) protections. (CVE-2010-3870)
It was discovered that attackers might be able to bypass open_basedir()
restrictions by passing a specially crafted filename. (CVE-2010-3436)
Maksymilian Arciemowicz discovered that a NULL pointer dereference in the
ZIP archive handling code could allow an attacker to cause a denial
Red Hat
CVE-2009-5016 [MEDIUM] CWE-79 php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string
vendor_redhat · 2009-09-27 · CVSS 6.8
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.
Red Hat
CVE-2010-3870 [MEDIUM] CWE-79 php: XSS mitigation bypass via utf8_decode()
vendor_redhat · 2009-09-27 · CVSS 6.8
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Package: php53 (Red Hat Enterprise Linux 5) - Affected
Bugzilla
CVE-2009-5016 [MEDIUM] CVE-2009-5016 php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string
bugzilla · 2010-11-12 · CVSS 6.8
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5016 to
the following vulnerability:
Name: CVE-2009-5016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5016
Assigned: 20101112
Reference: MISC: http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
Reference: MISC: http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf
Reference: CONFIRM: http://bugs.php.net/bug.php?id=49687
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in
PHP before 5.2.11 makes it easier for remote attackers to bypass
cross-site scripting (XSS) and SQL injection protection mechanisms via
a crafted string that u
Bugzilla
CVE-2009-5016 [MEDIUM] CVE-2009-5016 CVE-2010-3870 CVE-2010-3709 CVE-2010-4156 php various flaws [fedora-all]
bugzilla · 2010-11-03 · CVSS 6.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=649056
Please note: this issue affe
Bugzilla
CVE-2010-3870 [MEDIUM] CVE-2010-3870 php: XSS mitigation bypass via utf8_decode()
bugzilla · 2010-11-02 · CVSS 6.8
A flaw in how PHP handles decoding UTF8 sequences was reported [1], [2]. A number of attack scenarios are mentioned there that permit malformed UTF8 sequences to bypass intended XSS protections.
This issue has been assigned the name CVE-2010-3870 and was fixed in PHP 5.3 [3], although it looks as though parts of the issue were fixed in the 5.2.11 release.
[1] http://bugs.php.net/bug.php?id=49687
[2] http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
[3] http://svn.php.net/viewvc/?view=revision&revision=304959
Discussion:
Created php tracking bugs for this issue
Affects: fedora-all [bug 649186]
---
Fixed on 5.2 branch now:
http://svn.php.net/viewvc?view=revision&revision=305055
---
This issue
References
http://bugs.php.net/bug.php?id=48230
http://bugs.php.net/bug.php?id=49687
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://secunia.com/advisories/42410
http://secunia.com/advisories/42812
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
http://support.apple.com/kb/HT4581
http://svn.php.net/viewvc?view=revision&revision=304959
http://us2.php.net/manual/en/function.utf8-decode.php#83935
http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/
http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf
http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224
http://www.openwall.com/lists/oss-security/2010/11/02/1
http://www.openwall.com/lists/oss-security/2010/11/02/11
http://www.openwall.com/lists/oss-security/2010/11/02/2
http://www.openwall.com/lists/oss-security/2010/11/02/4
http://www.openwall.com/lists/oss-security/2010/11/02/6
http://www.openwall.com/lists/oss-security/2010/11/02/8
http://www.openwall.com/lists/oss-security/2010/11/03/1
http://www.php.net/ChangeLog-5.php
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://www.redhat.com/support/errata/RHSA-2011-0195.html
http://www.securityfocus.com/bid/44605
http://www.securitytracker.com/id?1024797
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2010/3081
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077