Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3710 to
the following vulnerability:
Reference: CONFIRM: http://bugs.php.net/bug.php?id=52929
Stack consumption vulnerability in the filter_var function in PHP
5.2.x through 5.2.14 and 5.3.x through 5.3.3, when
FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a
denial of service (memory consumption and application crash) via a
long e-mail address string.
Upstream fix is here: http://svn.php.net/viewvc/?view=revision&revision=303779
filter_var() was introduced in PHP 5.2.0 so this does not affect versions of PHP prior to that.
Created php tracking bugs for this issue
Affects: fedora-all [bug 646688]
This was corrected in upstream 5.3.4.
What happens here is a stack overflow caused by deep recursion in the PCRE regular expression engine when long input is matched against a "valid email address" regular expression. This regular expression was changed between PHP versions 5.3.2 and 5.3.3:
This issue does not occur with the previously used regular expression. Hence only php53 packages introduced in Red Hat Enterprise Linux 5.6 were affected.
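An application-side guard for the failure mode described above, as an added example that is not part of the original bug report or the upstream fix: it rejects over-long input before filter_var() and its regular-expression match run. The function name validate_email_bounded and the 320/64/255-octet limits are assumptions of this example.

```php
<?php
// Added example, not PHP's own code. The limits below are assumptions of this
// example: 64 octets local part + "@" + 255 octets domain = 320 octets total.
define('MAX_EMAIL_OCTETS', 320);
define('MAX_LOCAL_OCTETS', 64);
define('MAX_DOMAIN_OCTETS', 255);

/**
 * Returns the address when it is within the length bounds and passes
 * FILTER_VALIDATE_EMAIL, otherwise false. Input that exceeds a bound is
 * rejected with plain string functions and never reaches the regex engine.
 */
function validate_email_bounded($input)
{
    if (!is_string($input)) {
        return false;
    }
    $len = strlen($input);                  // octets, not characters
    if ($len === 0 || $len > MAX_EMAIL_OCTETS) {
        return false;
    }
    $at = strrpos($input, '@');             // last "@" separates the domain
    if ($at === false || $at === 0 || $at === $len - 1) {
        return false;
    }
    if ($at > MAX_LOCAL_OCTETS || ($len - $at - 1) > MAX_DOMAIN_OCTETS) {
        return false;
    }
    return filter_var($input, FILTER_VALIDATE_EMAIL);
}

// Constructed sample inputs.
$samples = array(
    'short valid'    => 'user@example.com',
    'short invalid'  => 'not-an-address',
    'long local'     => str_repeat('a', 65) . '@example.com',
    'over total cap' => str_repeat('a', 5000) . '@example.com',
);

foreach ($samples as $label => $value) {
    $result = validate_email_bounded($value);
    printf("%-15s len=%-5d %s\n", $label, strlen($value),
        $result === false ? 'rejected' : 'accepted');
}
```

The code avoids syntax newer than PHP 5.3 so it can be dropped into the affected releases while the package update is pending.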
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2011:0196 https://rhn.redhat.com/errata/RHSA-2011-0196.html
This issue did not affect the version of php packages as shipped with Red Hat Enterprise Linux 4, 5 or 6. It did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5.