Lucene search

K

[email protected]NVD:CVE-2010-1915

HistoryMay 12, 2010 - 11:46 a.m.

CVE-2010-1915

2010-05-1211:46:40

CWE-200

[email protected]

web.nvd.nist.gov

6

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

60.8%

The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.

Affected configurations

Nvd

Node

phpphpMatch5.2.0

OR

phpphpMatch5.2.1

OR

phpphpMatch5.2.2

OR

phpphpMatch5.2.3

OR

phpphpMatch5.2.4

OR

phpphpMatch5.2.5

OR

phpphpMatch5.2.6

OR

phpphpMatch5.2.7

OR

phpphpMatch5.2.8

OR

phpphpMatch5.2.9

OR

phpphpMatch5.2.10

OR

phpphpMatch5.2.11

OR

phpphpMatch5.2.12

OR

phpphpMatch5.3.0

OR

phpphpMatch5.3.1

OR

phpphpMatch5.3.2

References

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html

exchange.xforce.ibmcloud.com/vulnerabilities/58586

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

60.8%

Related for NVD:CVE-2010-1915

cvelist1 prion1 cve1 ubuntucve1 nessus8 openvas14 fedora6 securityvulns1 gentoo1