PHP 'filter_var()' Function Stack Consumption Vulnerability Network Vulnerability

Summary

This host is running PHP and is prone to stack consumption vulnerability

Impact

Successful exploitation could allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. Impact Level: Network

Solution

Upgrade to PHP version 5.5.9 or later, For updates refer to http://www.php.net/downloads.php

Insight

- The flaw exists due to error in 'filter_var()' function, when FILTER_VALIDATE_EMAIL mode is used while processing the long e-mail address string. - A NULL pointer dereference vulnerability is exists in 'ZipArchive::getArchiveComment'.

Affected

PHP version 5.2 through 5.2.14 and 5.3 through 5.3.3

References

http://bugs.php.net/bug.php?id=52929
http://www.securityfocus.com/archive/1/514562/30/150/threaded
https://bugzilla.redhat.com/show_bug.cgi?id=646684

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3709, CVE-2010-3710

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
AdaptCMS 'init.php' Remote File Include Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability

PHP 'filter_var()' function Stack Consumption Vulnerability

Take action and discover your vulnerabilities