CVE-2010-1915
PHP 5.2-5.2.13 and 5.3-5.3.2 - Information Disclosure via preg_quote Interruption
Title source: llmDescription
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58586
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
Scores
EPSS
0.0050
EPSS Percentile
66.2%
Details
CWE
CWE-200
Status
published
Products (16)
php/php
5.2.0
php/php
5.2.1
php/php
5.2.2
php/php
5.2.3
php/php
5.2.4
php/php
5.2.5
php/php
5.2.6
php/php
5.2.7
php/php
5.2.8
php/php
5.2.9
... and 6 more
Published
May 12, 2010
Tracked Since
Feb 18, 2026