// For flags

CVE-2010-3709

PHP 5.3.3/5.2.14 - ZipArchive::getArchiveComment Null Pointer Dereference

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

La función ZipArchive::getArchiveCommen en PHP v5.2.x hasta v5.2.14 y v5.3.3 hasta v5.3.x permite a atacantes dependientes de contexto para provocar una denegación de servicio (desreferencia a puntero NULL y caída de la aplicación) a través de un archivo ZIP manipulado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-10-01 CVE Reserved
  • 2010-11-05 First Exploit
  • 2010-11-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-05-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
  • CWE-476: NULL Pointer Dereference
CAPEC
References (25)
URL Tag Source
http://secunia.com/advisories/42729 Broken Link
http://secunia.com/advisories/42812 Broken Link
http://securityreason.com/achievement_securityalert/90 Third Party Advisory
http://support.apple.com/kb/HT4581 Third Party Advisory
http://www.securityfocus.com/bid/44718 Third Party Advisory
http://www.securitytracker.com/id?1024690 Third Party Advisory
URL Date SRC
https://www.exploit-db.com/exploits/15431 2010-11-05
http://www.exploit-db.com/exploits/15431 2024-08-07
URL Date SRC
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log 2023-02-13
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log 2023-02-13
URL Date SRC
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html 2023-02-13
http://marc.info/?l=bugtraq&m=130331363227777&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=133469208622507&w=2 2023-02-13
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218 2023-02-13
http://www.php.net/ChangeLog-5.php 2023-02-13
http://www.php.net/archive/2010.php#id2010-12-10-1 2023-02-13
http://www.php.net/releases/5_2_15.php 2023-02-13
http://www.php.net/releases/5_3_4.php 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0195.html 2023-02-13
http://www.ubuntu.com/usn/USN-1042-1 2023-02-13
https://access.redhat.com/security/cve/CVE-2010-3709 2011-02-03
https://bugzilla.redhat.com/show_bug.cgi?id=651206 2011-02-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 5.2.0 < 5.2.15
Search vendor "Php" for product "Php" and version " >= 5.2.0 < 5.2.15"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 5.3.0 < 5.3.4
Search vendor "Php" for product "Php" and version " >= 5.3.0 < 5.3.4"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 9.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10"
-
Affected