Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-2225
HistoryJun 24, 2010 - 12:00 a.m.

CVE-2010-2225

2010-06-2400:00:00
ubuntu.com
ubuntu.com
20
cve-2010-2225
use-after-free vulnerability
php 5.2.x
php 5.3.x
splobjectstorage unserializer
remote attackers
arbitrary code execution
sensitive information disclosure
serialized data
php unserialize function

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.035

Percentile

91.7%

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP
5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary
code or obtain sensitive information via serialized data, related to the
PHP unserialize function.

Bugs

Notes

Author Note
mdeslaur SplObjectStorage doesn’t have an unserializer in php 5.1.x
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.12UNKNOWN
ubuntu9.04noarchphp5< 5.2.6.dfsg.1-3ubuntu4.6UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.5UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.5UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.035

Percentile

91.7%