vendor:
PHP
by:
Maksymilian Arciemowicz
7,5
CVSS
HIGH
NULL Pointer Deference
476
CWE
Product Name: PHP
Affected Version From: PHP 5.3.3
Affected Version To: PHP 5.2.14
Patch Exists: YES
Related CWE: CVE-2010-3709
CPE: a:php:php:5.3.3,cpe:/a:php:php:5.2.14
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2011-0195/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2010-3709/, https://www.rapid7.com/db/vulnerabilities/apple-osx-airport-cve-2010-3709/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-3709/, https://www.rapid7.com/db/vulnerabilities/apple-osx-php-cve-2010-3709/, https://www.rapid7.com/db/vulnerabilities/php-cve-2010-3709/, https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2a41233d-10e7-11e0-becc-0022156e8794/, https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2010-3709/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2010
PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
ZipArchive enables you to transparently read or write ZIP compressed archives and the files inside them. ZipArchive::getArchiveComment — Returns the Zip archive comment. The ZipArchive::getArchiveComment method returns a string from the zip_get_archive_comment() function, which can return NULL and -1.
Mitigation:
Fixed in CVS
