CVE-2010-1915

The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:15

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html - () http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html -
References () http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html -
References () http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html - () http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/58586 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/58586 -

Information

Published : 2010-05-12 11:46

Updated : 2024-11-21 01:15


NVD link : CVE-2010-1915

Mitre link : CVE-2010-1915

CVE.ORG link : CVE-2010-1915


JSON object : View

Products Affected

php

  • php
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor