CVE-2010-2191

08.06.2010, 00:30

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.  NOTE: vectors 2 through 4 are related to the call time pass by reference feature.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.4 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 75%

Vendor	Product	Version
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5
php	php	5.2.6
php	php	5.2.7
php	php	5.2.8
php	php	5.2.9
php	php	5.2.10
php	php	5.2.11
php	php	5.2.12
php	php	5.2.13
php	php	5.3.0
php	php	5.3.1
php	php	5.3.2

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php5

lucid	ignored
karmic	ignored
jaunty	ignored
hardy	ignored
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

http://marc.info/?l=bugtraq&m=133469208622507&w=2

http://marc.info/?l=bugtraq&m=133469208622507&w=2

http://www.php-security.org/2010/05/31/mops-2010-049-php-parse_str-interruption-memory-corruption-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-050-php-preg_match-interruption-information-leak-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-051-php-unpack-interruption-information-leak-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-052-php-pack-interruption-information-leak-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-053-php-zend_fetch_rw-opcode-interruption-information-leak-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-054-php-zend_concatzend_assign_concat-opcode-interruption-information-leak-and-memory-corruption-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-055-php-arrayobjectuasort-interruption-memory-corruption-vulnerability/index.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/59221

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

http://marc.info/?l=bugtraq&m=133469208622507&w=2

http://marc.info/?l=bugtraq&m=133469208622507&w=2

http://www.php-security.org/2010/05/31/mops-2010-049-php-parse_str-interruption-memory-corruption-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-050-php-preg_match-interruption-information-leak-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-051-php-unpack-interruption-information-leak-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-052-php-pack-interruption-information-leak-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-053-php-zend_fetch_rw-opcode-interruption-information-leak-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-054-php-zend_concatzend_assign_concat-opcode-interruption-information-leak-and-memory-corruption-vulnerability/index.html

http://www.php-security.org/2010/05/31/mops-2010-055-php-arrayobjectuasort-interruption-memory-corruption-vulnerability/index.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/59221