CVE-2010-2225 Information

Share on:

Feb 14, 2021 cve

Description

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data related to the PHP unserialize function.

Reference

http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://pastebin.com/mXGidCsd http://secunia.com/advisories/40860 http://support.apple.com/kb/HT4312 http://twitter.com/i0n1c/statuses/16373156076 http://twitter.com/i0n1c/statuses/16447867829 http://www.debian.org/security/2010/dsa-2089 http://www.securityfocus.com/bid/40948 https://bugzilla.redhat.com/show_bug.cgi?id=605641 https://exchange.xforce.ibmcloud.com/vulnerabilities/59610