CVE-2010-2225

Exploit

EPSS 2.19%
Published 24.06.2010 12:30:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version5.2.0

Php ≫ Php Version5.2.1

Php ≫ Php Version5.2.2

Php ≫ Php Version5.2.3

Php ≫ Php Version5.2.4

Php ≫ Php Version5.2.5

Php ≫ Php Version5.2.6

Php ≫ Php Version5.2.7

Php ≫ Php Version5.2.8

Php ≫ Php Version5.2.9

Php ≫ Php Version5.2.10

Php ≫ Php Version5.2.11

Php ≫ Php Version5.2.12

Php ≫ Php Version5.2.13

Php ≫ Php Version5.3.0

Php ≫ Php Version5.3.1

Php ≫ Php Version5.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.19%	0.838

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

http://support.apple.com/kb/HT4312

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

http://marc.info/?l=bugtraq&m=133469208622507&w=2

http://secunia.com/advisories/40860

http://www.debian.org/security/2010/dsa-2089

http://pastebin.com/mXGidCsd

Exploit

http://twitter.com/i0n1c/statuses/16373156076

http://twitter.com/i0n1c/statuses/16447867829

http://www.securityfocus.com/bid/40948

https://bugzilla.redhat.com/show_bug.cgi?id=605641

https://exchange.xforce.ibmcloud.com/vulnerabilities/59610

https://nvd.nist.gov/vuln/detail/CVE-2010-2225

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2225

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2225

EUVD