Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-2950
HistoryMay 27, 2010 - 12:00 a.m.

CVE-2010-2950

2010-05-2700:00:00
ubuntu.com
ubuntu.com
16

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.3%

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x
through 5.3.3 allows context-dependent attackers to obtain sensitive
information (memory contents) and possibly execute arbitrary code via a
crafted phar:// URI that is not properly handled by the phar_stream_flush
function, leading to errors in the php_stream_wrapper_log_error function.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2010-2094.

Notes

Author Note
mdeslaur See second patch in CVE-2010-2094 This is MOPS-2010-024 5.3 only, not fixed in 5.3.3
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.5UNKNOWN

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.3%