Описание
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | 5.1.2-1ubuntu3.18 |
| devel | released | 5.3.3-1ubuntu9 |
| hardy | not-affected | 5.2.4-2ubuntu5.10 |
| jaunty | not-affected | 5.2.6.dfsg.1-3ubuntu4.5 |
| karmic | not-affected | 5.2.10.dfsg.1-2ubuntu6.4 |
| lucid | released | 5.3.2-1ubuntu4.5 |
| upstream | needs-triage |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
Format string vulnerability in stream.c in the phar extension in PHP 5 ...
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
EPSS
6.8 Medium
CVSS2