Vulnerability Details : CVE-2010-3717
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3717
Probability of exploitation activity in the next 30 days: 0.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3717
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2010-3717
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3717
-
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
Page Not FoundVendor Advisory
-
http://www.debian.org/security/2010/dsa-2121
Debian -- Security Information -- DSA-2121-1 typo3-src
-
http://www.securityfocus.com/bid/43786
TYPO3 Core TYPO3-SA-2010-020 Multiple Security Vulnerabilities
Products affected by CVE-2010-3717
- cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*