CVE-2010-3710

EUVD-2010-3692
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
phpphp
5.2.14
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
dapper
not-affected
hardy
Fixed 5.2.4-2ubuntu5.13
released
jaunty
ignored
karmic
Fixed 5.2.10.dfsg.1-2ubuntu6.6
released
lucid
Fixed 5.3.2-1ubuntu4.6
released
maverick
Fixed 5.3.3-1ubuntu9.2
released
Common Weakness Enumeration
References
http://bugs.php.net/bug.php?id=52929
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://secunia.com/advisories/42812
http://secunia.com/advisories/43189
http://support.apple.com/kb/HT4581
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2010.php#id2010-12-10-1
http://www.php.net/releases/5_2_15.php
http://www.php.net/releases/5_3_4.php
http://www.redhat.com/support/errata/RHSA-2011-0196.html
http://www.securityfocus.com/bid/43926
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077
http://bugs.php.net/bug.php?id=52929
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://secunia.com/advisories/42812
http://secunia.com/advisories/43189
http://support.apple.com/kb/HT4581
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2010.php#id2010-12-10-1
http://www.php.net/releases/5_2_15.php
http://www.php.net/releases/5_3_4.php
http://www.redhat.com/support/errata/RHSA-2011-0196.html
http://www.securityfocus.com/bid/43926
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077