CVE-2010-3717

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.2.x through 4.2.14 TYPO3 versions 4.3.x through 4.3.6 TYPO3 versions 4.4.x through 4.4.3

Description The issue concerns multiple vulnerabilities in the TYPO3 package that can lead to a breach of protected information. These vulnerabilities can be exploited remotely. A specific function, t3lib div::validEmail, does not properly restrict input, allowing remote attackers to cause a denial of service by consuming memory and crashing the application via a long email address string.

Recommendations For TYPO3 versions 4.2.x through 4.2.14, update to version 4.2.15 or later. For TYPO3 versions 4.3.x through 4.3.6, update to version 4.3.7 or later. For TYPO3 versions 4.4.x through 4.4.3, update to version 4.4.4 or later. As a temporary workaround, consider restricting input to the t3lib div::validEmail function to prevent denial of service attacks.