CVE-2010-1915
- Public Date:
- 2010-05-09
- Bugzilla:
- 617211: CVE-2010-1915 php: preg_quote interruption vulnerability (MOPS-2010-017)
The MITRE CVE dictionary describes this issue as:
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.
Find out more about CVE-2010-1915 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat does not consider interruption issues allowing safe_mode / open_basedir
restriction bypass to be security sensitive. For more details see
https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and
http://www.php.net/security-note.php
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 2.1 |
|---|---|
| Base Metrics | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | php | Not affected |
| Red Hat Enterprise Linux 5 | php | Not affected |
| Red Hat Enterprise Linux 4 | php | Not affected |
| Red Hat Enterprise Linux 3 | php | Not affected |
| Red Hat Application Stack v2 for Enterprise Linux (v.5) | php | Affected |
CVE description copyright © 2017, The MITRE Corporation