Candidate: CVE-2010-1915
PublicDate: 2010-05-12 11:46:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1915
 http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html
Description:
 The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2
 allows context-dependent attackers to obtain sensitive information (memory
 contents) by causing a userspace interruption of an internal function,
 related to the call time pass by reference feature, modification of ZVALs
 whose values are not updated in the associated local variables, and access
 of previously-freed memory.
Ubuntu-Description:
Notes:
 mdeslaur> see CVE-2010-1864 for patch
 mdeslaur> interruption issue, safe_mode - open_basedir bypass, ignoring
 mdeslaur> This is MOPS-2010-017
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1915
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_php5:
upstream_php5: released (5.3.3)
dapper_php5: ignored
hardy_php5: ignored
jaunty_php5: ignored
karmic_php5: ignored
lucid_php5: ignored
devel_php5: not-affected (5.3.3-1ubuntu6)