Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3709 to the following vulnerability: Name: CVE-2010-3709 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709 Assigned: 20101001 Reference: SREASONRES:20101105 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference Reference: URL: http://securityreason.com/achievement_securityalert/90 Reference: EXPLOIT-DB:15431 Reference: URL: http://www.exploit-db.com/exploits/15431 Reference: CONFIRM: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log Reference: CONFIRM: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log Reference: MANDRIVA:MDVSA-2010:218 Reference: URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:218 The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
Created php tracking bugs for this issue Affects: fedora-all [bug 649186]
This is now corrected upstream in 5.3.4 and 5.2.15.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0195 https://rhn.redhat.com/errata/RHSA-2011-0195.html
Statement: This issue did not affect the version of PHP as shipped with Red Hat Enterprise Linux 3, 4 or 5.