Published: 09/11/2010 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The ZipArchive::getArchiveComment function in PHP 5.2.x up to and including 5.2.14 and 5.3.x up to and including 5.3.3 allows context-dependent malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
canonical ubuntu linux 10.10
canonical ubuntu linux 9.10
canonical ubuntu linux 8.04
canonical ubuntu linux 10.04
canonical ubuntu linux 6.06

Debian Bug report logs - #603751 Three more security issues Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Tue, 16 Nov 2010 22:33:02 UTC Severity: important ...

It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections This issue only affected Ubuntu 606 LTS, Ubuntu 804 LTS, and Ubuntu 910 (CVE-2009-5016) ...

Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system (CVE-2011-0441) When upgrading your php5-common package take special care to accept the changes to the /etc/crond/php5 file Ignoring them would leave the system vulnerable For the ...

[ PHP 533/5214 ZipArchive::getArchiveComment NULL Pointer Deference ] Author: Maksymilian Arciemowicz securityreasoncom/ cxibnet/ Date: - Dis: 14092010 - Pub: 05112010 CVE: CVE-2010-3709 CWE: CWE-476 Status: Fixed in CVS Affected Software: - PHP 533 - PHP 5214 Original URL: securityreasoncom/achievement_sec ...

PHP versions 533 and 5214 suffer from a ZipArchive::getArchiveComment NULL pointer dereference vulnerability ...

CWE-20 http://www.mandriva.com/security/advisories?name=MDVSA-2010:218 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log http://www.exploit-db.com/exploits/15431 http://securityreason.com/achievement_securityalert/90 http://www.securityfocus.com/bid/44718 http://www.securitytracker.com/id?1024690 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html http://www.vupen.com/english/advisories/2010/3313 http://www.vupen.com/english/advisories/2011/0020 http://secunia.com/advisories/42729 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html http://www.php.net/releases/5_3_4.php http://www.php.net/releases/5_2_15.php http://secunia.com/advisories/42812 http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2010.php#id2010-12-10-1 http://www.ubuntu.com/usn/USN-1042-1 http://www.vupen.com/english/advisories/2011/0021 http://www.vupen.com/english/advisories/2011/0077 http://www.redhat.com/support/errata/RHSA-2011-0195.html http://support.apple.com/kb/HT4581 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://marc.info/?l=bugtraq&m=133469208622507&w=2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603751 https://nvd.nist.gov https://usn.ubuntu.com/1042-1/https://www.exploit-db.com/exploits/15431/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-3709

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect