9.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.2%
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2
allows context-dependent attackers to obtain sensitive information (memory
contents) by causing a userspace interruption of an internal function,
related to the call time pass by reference feature, modification of ZVALs
whose values are not updated in the associated local variables, and access
of previously-freed memory.
Author | Note |
---|---|
mdeslaur | see CVE-2010-1864 for patch interruption issue, safe_mode - open_basedir bypass, ignoring This is MOPS-2010-017 |