Vulnerability Description
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 5.2.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58586
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58586
FAQ
What is CVE-2010-1915?
CVE-2010-1915 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an i...
How severe is CVE-2010-1915?
CVE-2010-1915 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1915?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.