Unrated severityNVD Advisory· Published Nov 9, 2010· Updated Apr 29, 2026

CVE-2010-3709

Description

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: >=5.2.0,<5.2.15
Canonical/Ubuntu Linux5 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.cnvdPatchVendor Advisory
svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.cnvdPatchVendor Advisory
www.exploit-db.com/exploits/15431nvdExploitThird Party AdvisoryVDB Entry
lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.htmlnvdMailing ListThird Party Advisory
marc.infonvdMailing ListThird Party Advisory
marc.infonvdMailing ListThird Party Advisory
securityreason.com/achievement_securityalert/90nvdThird Party Advisory
slackware.com/security/viewer.phpnvdThird Party Advisory
support.apple.com/kb/HT4581nvdThird Party Advisory
www.php.net/ChangeLog-5.phpnvdVendor Advisory
www.php.net/archive/2010.phpnvdVendor Advisory
www.php.net/releases/5_2_15.phpnvdVendor Advisory
www.php.net/releases/5_3_4.phpnvdVendor Advisory
www.redhat.com/support/errata/RHSA-2011-0195.htmlnvdThird Party Advisory
www.securityfocus.com/bid/44718nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1042-1nvdThird Party Advisory
secunia.com/advisories/42729nvdBroken Link
secunia.com/advisories/42812nvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.vupen.com/english/advisories/2010/3313nvdPermissions Required
www.vupen.com/english/advisories/2011/0020nvdPermissions Required
www.vupen.com/english/advisories/2011/0021nvdPermissions Required
www.vupen.com/english/advisories/2011/0077nvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000