Lucene search

[email protected]CVE-2010-1860

HistoryMay 07, 2010 - 11:00 p.m.

CVE-2010-1860

2010-05-0723:00:01

CWE-200

[email protected]

web.nvd.nist.gov

php

html_entity_decode

memory corruption

vulnerability

cve-2010-1860

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.

Affected configurations

NVD

Node

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

Node

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

VendorProductVersionCPE
phpphp5.2.5cpe:/a:php:php:5.2.5:::
phpphp5.2.13cpe:/a:php:php:5.2.13:::
phpphp5.2.3cpe:/a:php:php:5.2.3:::
phpphp5.2.1cpe:/a:php:php:5.2.1:::
phpphp5.2.2cpe:/a:php:php:5.2.2:::
phpphp5.2.4cpe:/a:php:php:5.2.4:::
phpphp5.2.9cpe:/a:php:php:5.2.9:::
phpphp5.2.10cpe:/a:php:php:5.2.10:::
phpphp5.2.8cpe:/a:php:php:5.2.8:::
phpphp5.2.0cpe:/a:php:php:5.2.0:::

Vendor	Product	Version	CPE
php	php	5.2.5	cpe:/a:php:php:5.2.5:::
php	php	5.2.13	cpe:/a:php:php:5.2.13:::
php	php	5.2.3	cpe:/a:php:php:5.2.3:::
php	php	5.2.1	cpe:/a:php:php:5.2.1:::
php	php	5.2.2	cpe:/a:php:php:5.2.2:::
php	php	5.2.4	cpe:/a:php:php:5.2.4:::
php	php	5.2.9	cpe:/a:php:php:5.2.9:::
php	php	5.2.10	cpe:/a:php:php:5.2.10:::
php	php	5.2.8	cpe:/a:php:php:5.2.8:::
php	php	5.2.0	cpe:/a:php:php:5.2.0:::