CVE-2010-2191

2010-06-0800:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-2191

php

memory corruption

vulnerability

information security

6.1 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

77.6%

JSON

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.

CPENameOperatorVersion
php:phpphpeq5.2.9
php:phpphpeq5.3.1
php:phpphpeq5.2.7
php:phpphpeq5.2.2
php:phpphpeq5.2.5
php:phpphpeq5.2.12
php:phpphpeq5.2.11
php:phpphpeq5.2.6
php:phpphpeq5.3.0
php:phpphpeq5.2.3

CPE	Name	Operator	Version
php:php	php	eq	5.2.9
php:php	php	eq	5.3.1
php:php	php	eq	5.2.7
php:php	php	eq	5.2.2
php:php	php	eq	5.2.5
php:php	php	eq	5.2.12
php:php	php	eq	5.2.11
php:php	php	eq	5.2.6
php:php	php	eq	5.3.0
php:php	php	eq	5.2.3

Rows per page:

1-10 of 171

References

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

marc.info/?l=bugtraq&m=133469208622507&w=2

www.php-security.org/2010/05/31/mops-2010-049-php-parse_str-interruption-memory-corruption-vulnerability/index.html

www.php-security.org/2010/05/31/mops-2010-050-php-preg_match-interruption-information-leak-vulnerability/index.html

www.php-security.org/2010/05/31/mops-2010-051-php-unpack-interruption-information-leak-vulnerability/index.html

www.php-security.org/2010/05/31/mops-2010-052-php-pack-interruption-information-leak-vulnerability/index.html

www.php-security.org/2010/05/31/mops-2010-053-php-zend_fetch_rw-opcode-interruption-information-leak-vulnerability/index.html

www.php-security.org/2010/05/31/mops-2010-054-php-zend_concatzend_assign_concat-opcode-interruption-information-leak-and-memory-corruption-vulnerability/index.html

www.php-security.org/2010/05/31/mops-2010-055-php-arrayobjectuasort-interruption-memory-corruption-vulnerability/index.html

exchange.xforce.ibmcloud.com/vulnerabilities/59221