Vulnerability Details CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://marc.info/?l=bugtraq&m=133469208622507&w=2
- http://marc.info/?l=bugtraq&m=133469208622507&w=2
- http://pastebin.com/mXGidCsd
- http://secunia.com/advisories/40860
- http://support.apple.com/kb/HT4312
- http://twitter.com/i0n1c/statuses/16373156076
- http://twitter.com/i0n1c/statuses/16447867829
- http://www.debian.org/security/2010/dsa-2089
- http://www.securityfocus.com/bid/40948
- https://bugzilla.redhat.com/show_bug.cgi?id=605641
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
- http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://marc.info/?l=bugtraq&m=133469208622507&w=2
- http://marc.info/?l=bugtraq&m=133469208622507&w=2
- http://pastebin.com/mXGidCsd
- http://secunia.com/advisories/40860
- http://support.apple.com/kb/HT4312
- http://twitter.com/i0n1c/statuses/16373156076
- http://twitter.com/i0n1c/statuses/16447867829
- http://www.debian.org/security/2010/dsa-2089
- http://www.securityfocus.com/bid/40948
- https://bugzilla.redhat.com/show_bug.cgi?id=605641
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
Products affected by CVE-2010-2225
-
cpe:2.3:a:php:php:5.2.0
-
cpe:2.3:a:php:php:5.2.1
-
cpe:2.3:a:php:php:5.2.10
-
cpe:2.3:a:php:php:5.2.11
-
cpe:2.3:a:php:php:5.2.12
-
cpe:2.3:a:php:php:5.2.13
-
cpe:2.3:a:php:php:5.2.2
-
cpe:2.3:a:php:php:5.2.3
-
cpe:2.3:a:php:php:5.2.4
-
cpe:2.3:a:php:php:5.2.5
-
cpe:2.3:a:php:php:5.2.6
-
cpe:2.3:a:php:php:5.2.7
-
cpe:2.3:a:php:php:5.2.8
-
cpe:2.3:a:php:php:5.2.9
-
cpe:2.3:a:php:php:5.3.0
-
cpe:2.3:a:php:php:5.3.1
-
cpe:2.3:a:php:php:5.3.2