Tenable5616.PRMPHP < 5.2.14 / 5.3.x < 5.3.3 Multiple Vulnerabilities
Versions of PHP prior to 5.2.14, or 5.3.x prior to 5.3.3 are affected by the following vulnerabilities :
- An information disclosure vulnerability in ‘var_export()’ when a fatal error occurs.
- A resource destruction issue in ‘shm_put_var()’.
- A possible information leak because of an interruption of XOR operator.
- A memory corruption issue caused by an unexpected call-time pass by reference and the following memory clobbering through callbacks.
- A memory corruption issue in ‘ArrayObject::uasort()’.
- A memory corruption issue in ‘parse_str()’.
- A memory corruption issue in ‘pack()’.
- A memory corruption issue in ‘substr_replace()’.
- A memory corruption issue in ‘addcslashes()’.
- A stack exhaustion issue in ‘fnmatch()’.
- A buffer overflow vulnerability in the dechunking filter.
- An arbitrary memory access issue in the sqlite extension.
- A string format validation issue in the phar extension.
- An unspecified issue relating to the handling of session variable serialization on certain prefix characters.
- A NULL pointer dereference issue when processing invalid XML-RPC requests.
- An unserialization issue in ‘SplObjectStorage’.
- Buffer overflow vulnerabilities in ‘mysqlnd_list_fields’ and ‘mysqlnd_change_user’.
- Buffer overflows when handling error packets in mysqlnd.
- A flaw affects ‘sqlite_single_query()’ and ‘sqlite_array_query()’ methods included in the ‘ext/sqlite/sqlite.c’ source file. Specifically, the ‘rres’ resource is not properly initialized before use which may trigger a double-free condition when an empty query is passed to the ‘real_result_dtor()’ function.
Binary data 5616.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0397
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1860
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1868
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2531
seclists.org/fulldisclosure/2011/Oct/483
www.php.net/ChangeLog-5.php#5.2.14
www.php.net/ChangeLog-5.php#5.3.3
www.php.net/releases/5_2_14.php
www.php.net/releases/5_3_3.php