Vulnerability Description
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 5.2.0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://marc.info/?l=bugtraq&m=133469208622507&w=2
- http://pastebin.com/mXGidCsdExploit
- http://secunia.com/advisories/40860
- http://support.apple.com/kb/HT4312
- http://twitter.com/i0n1c/statuses/16373156076
- http://twitter.com/i0n1c/statuses/16447867829
- http://www.debian.org/security/2010/dsa-2089
- http://www.securityfocus.com/bid/40948
- https://bugzilla.redhat.com/show_bug.cgi?id=605641
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
- http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
FAQ
What is CVE-2010-2225?
CVE-2010-2225 is a vulnerability with a CVSS score of 7.5 (HIGH). Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized ...
How severe is CVE-2010-2225?
CVE-2010-2225 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2225?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.