Launchpad.net

CVE 2010-3870

The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.

Related bugs and status

CVE-2010-3870 (Candidate) is related to these bugs:

Bug #682501: php5 5.3.3-1 causing segfaults -> 5.3.3-4 backport for maverick?

Summary				In	Importance	Status
	682501	php5 5.3.3-1 causing segfaults -> 5.3.3-4 backport for maverick?		php5 (Ubuntu)	Undecided	Incomplete
	682501	php5 5.3.3-1 causing segfaults -> 5.3.3-4 backport for maverick?		php	Undecided	New

Bug #697181: DoS: Infinite loop processing 2.2250738585072011e-308

		In	Importance	Status
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Ubuntu)	Undecided	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php	Unknown	Unknown
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Ubuntu Lucid)	Undecided	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Ubuntu Maverick)	Undecided	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Ubuntu Natty)	Undecided	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Fedora)	Medium	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-3870

Related bugs and status

Related bugs

References