Lucene search

PRIOn knowledge basePRION:CVE-2010-2097

HistoryMay 27, 2010 - 10:30 p.m.

Design/Logic Flaw

2010-05-2722:30:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

CPENameOperatorVersion
phpeq5.2.9
phpeq5.3.1
phpeq5.2.7
phpeq5.2.2
phpeq5.2.5
phpeq5.2.12
phpeq5.2.11
phpeq5.2.6
phpeq5.3.0
phpeq5.2.3

Name	Operator	Version
php	eq	5.2.9
php	eq	5.3.1
php	eq	5.2.7
php	eq	5.2.2
php	eq	5.2.5
php	eq	5.2.12
php	eq	5.2.11
php	eq	5.2.6
php	eq	5.3.0
php	eq	5.2.3

Rows per page:

1-10 of 171

References

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html

php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html

php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html

marc.info/?l=bugtraq&m=133469208622507&w=2