#VU110284 NULL pointer dereference in PHP - CVE-2010-3709

Vulnerability identifier: #VU110284

Vulnerability risk: Medium

CVSSv4.0: N/A

CVE-ID: CVE-2010-3709

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ZIP archive.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14

---

External links
https://www.mandriva.com/security/advisories?name=MDVSA-2010:218
https://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log
https://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log
https://www.exploit-db.com/exploits/15431
https://securityreason.com/achievement_securityalert/90
https://www.securityfocus.com/bid/44718
https://www.securitytracker.com/id?1024690
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
https://www.vupen.com/english/advisories/2010/3313
https://www.vupen.com/english/advisories/2011/0020
https://secunia.com/advisories/42729
https://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
https://www.php.net/releases/5_3_4.php
https://www.php.net/releases/5_2_15.php
https://secunia.com/advisories/42812
https://www.php.net/ChangeLog-5.php
https://www.php.net/archive/2010.php#id2010-12-10-1
https://www.ubuntu.com/usn/USN-1042-1
https://www.vupen.com/english/advisories/2011/0021
https://www.vupen.com/english/advisories/2011/0077
https://www.redhat.com/support/errata/RHSA-2011-0195.html
https://support.apple.com/kb/HT4581
https://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
https://marc.info/?l=bugtraq&m=130331363227777&w=2
https://marc.info/?l=bugtraq&m=133469208622507&w=2

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.