Fluid Attacks Database

Description

The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	php	<0:5.3.2-6.el6_0.1	0:5.3.2-6.el6_0.1
rpm rhel5	php53	-	-

Aliases

1. CVE-2010-37092. NVD-2010-37093. OSV-2010-3709

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.