Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-4150
HistoryDec 07, 2010 - 12:00 a.m.

CVE-2010-4150

2010-12-0700:00:00
ubuntu.com
ubuntu.com
22
cve-2010-4150
double free vulnerability
php 5.2
php 5.3
memory corruption
arbitrary code
imap plugin
separate package

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.019

Percentile

88.7%

Double free vulnerability in the imap_do_open function in the IMAP
extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before
5.3.4 allows attackers to cause a denial of service (memory corruption) or
possibly execute arbitrary code via unspecified vectors.

Notes

Author Note
jdstrand imap plugin is in a separate package (php-imap)

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.019

Percentile

88.7%