CVSS2 | 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P) |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
EPSS | 0.003 Low |
Percentile | 69.7% |

Use-after-free vulnerability in the request shutdown functionality in PHP
5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers
to cause a denial of service (crash) via a stream context structure that is
freed before destruction occurs.
Author | Note |
---|---|
jdstrand | PoC: http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html |
mdeslaur | unfixed in 5.3.3. This is MOPS-2010-022 |
sbeattie | upstream considers a fix invasive, according to referenced oss-security post |
mdeslaur | upstream is ignoring this, so are we. |
openwall.com/lists/oss-security/2010/08/20/4
php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html
launchpad.net/bugs/cve/CVE-2010-2093
nvd.nist.gov/vuln/detail/CVE-2010-2093
security-tracker.debian.org/tracker/CVE-2010-2093
www.cve.org/CVERecord?id=CVE-2010-2093