History: Sep 28, 2010 - 6:00 p.m.

CVE-2010-2950

2010-09-28 18:00:02
CWE-134
web.nvd.nist.gov
Tags: cve-2010-2950, format string vulnerability, php, stream.c, phar extension, nvd, memory contents, arbitrary code, uri, vulnerability

CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 8.2 High (Confidence: High)

EPSS: 0.014 Low (Percentile: 86.3%)

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.

Affected configurations

NVD
Node
php php Match 5.3.0
OR
php php Match 5.3.1
OR
php php Match 5.3.2
OR
php php Match 5.3.3
