CVE-2010-2950 in PHP
摘要 (英语)
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
预定
2010-08-04
披露
2010-09-28
状态
已确认
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 54852 | PHP Wrapper stream.c phar_stream_flush Format String | 134 | 未定义 | 未定义 | CVE-2010-2950 |