{
  "public_date" : "2010-05-09T00:00:00Z",
  "bugzilla" : {
    "description" : "php: preg_quote interruption vulnerability (MOPS-2010-017)",
    "id" : "617211",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=617211"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "draft"
  },
  "details" : [ "The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory." ],
  "statement" : "Red Hat does not consider interruption issues allowing safe_mode / open_basedir\nrestriction bypass to be security sensitive.  For more details see\nhttps://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and\nhttp://www.php.net/security-note.php",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-1915\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1915" ],
  "name" : "CVE-2010-1915",
  "csaw" : false
}