CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
60.8%
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2
allows context-dependent attackers to obtain sensitive information (memory
contents) by causing a userspace interruption of an internal function,
related to the call time pass by reference feature, modification of ZVALs
whose values are not updated in the associated local variables, and access
of previously-freed memory.
Author | Note |
---|---|
mdeslaur | see CVE-2010-1864 for patch interruption issue, safe_mode - open_basedir bypass, ignoring This is MOPS-2010-017 |