CVE-2010-3710

Publication date 25 October 2010

Last updated 24 July 2024


Ubuntu priority

Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.

Status

Package   Ubuntu Release     Status
php5      10.10 maverick     Fixed 5.3.3-1ubuntu9.2
php5      10.04 LTS lucid    Fixed 5.3.2-1ubuntu4.6
php5      9.10 karmic        Fixed 5.2.10.dfsg.1-2ubuntu6.6
php5      9.04 jaunty        Ignored (end of life, was needed)
php5      8.04 LTS hardy     Fixed 5.2.4-2ubuntu5.13
php5      6.06 LTS dapper    Not affected

Notes


mdeslaur

PoC in php bug


sbeattie

logical_filter code doesn't exist in dapper's version of php

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
php5
