CVE-2010-2225

PHP 5.2.x and 5.3.x through 5.3.2 - Use-After-Free in SplObjectStorage Unserializer

Description

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

References (13)

Core References
Various Sources x_refsource_misc
http://twitter.com/i0n1c/statuses/16373156076
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59610
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=605641
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4312
Various Sources x_refsource_misc
http://twitter.com/i0n1c/statuses/16447867829
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40860
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133469208622507&w=2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2089
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40948
Exploit x_refsource_misc
http://pastebin.com/mXGidCsd

Scores

EPSS 0.0219
EPSS Percentile 84.6%

Details

CWE
CWE-399
Status published
Products (17)
php/php 5.2.0
php/php 5.2.1
php/php 5.2.2
php/php 5.2.3
php/php 5.2.4
php/php 5.2.5
php/php 5.2.6
php/php 5.2.7
php/php 5.2.8
php/php 5.2.9
... and 7 more
Published Jun 24, 2010
Tracked Since Feb 18, 2026