4.3

CVE-2010-3709

Exploit
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version >= 5.2.0 < 5.2.15
PhpPhp Version >= 5.3.0 < 5.3.4
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.33% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.php.net/ChangeLog-5.php
Vendor Advisory
http://marc.info/?l=bugtraq&m=133469208622507&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=130331363227777&w=2
Third Party Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT4581
Third Party Advisory
http://www.php.net/archive/2010.php#id2010-12-10-1
Vendor Advisory
http://www.php.net/releases/5_3_4.php
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/42812
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218
Broken Link
http://www.php.net/releases/5_2_15.php
Vendor Advisory
http://www.ubuntu.com/usn/USN-1042-1
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0020
Permissions Required
http://www.vupen.com/english/advisories/2011/0021
Permissions Required
http://www.vupen.com/english/advisories/2011/0077
Permissions Required
http://secunia.com/advisories/42729
Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
Third Party Advisory
http://www.vupen.com/english/advisories/2010/3313
Permissions Required
http://securityreason.com/achievement_securityalert/90
Third Party Advisory
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log
Patch
Vendor Advisory
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log
Patch
Vendor Advisory
http://www.exploit-db.com/exploits/15431
Third Party Advisory
Exploit
VDB Entry
http://www.redhat.com/support/errata/RHSA-2011-0195.html
Third Party Advisory
http://www.securityfocus.com/bid/44718
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1024690
Third Party Advisory
VDB Entry