CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

EPSS Percentile: 91.7%

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP
5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary
code or obtain sensitive information via serialized data, related to the
PHP unserialize function.
Author | Note |
---|---|
mdeslaur | SplObjectStorage doesn’t have an unserializer in php 5.1.x |
nibbles.tuxfamily.org/?p=1837
php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/
twitter.com/i0n1c/status/16447867829
launchpad.net/bugs/cve/CVE-2010-2225
nvd.nist.gov/vuln/detail/CVE-2010-2225
security-tracker.debian.org/tracker/CVE-2010-2225
ubuntu.com/security/notices/USN-989-1
www.cve.org/CVERecord?id=CVE-2010-2225