CVE-2010-4657 Information
Share on:
Feb 14, 2021
cve
Description
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute which are then misparsed by libxml2. This results in memory leak into the resulting output.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://access.redhat.com/security/cve/cve-2010-4657 https://bugs.launchpad.net/php/2Bbug/655442 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4657 https://security-tracker.debian.org/tracker/CVE-2010-4657
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5