CVE-2010-1861

The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource.

Published : 2010-05-07 23:00 Updated : 2010-05-10 04:00

6.4
CVSS Score More info
Score 6.4 / 10
6.4
Vendor Product Version URI
Php Php 5.2.8 cpe:/a:php:php:5.2.8
Php Php 5.2.6 cpe:/a:php:php:5.2.6
Php Php 5.2.5 cpe:/a:php:php:5.2.5
Php Php 5.2.13 cpe:/a:php:php:5.2.13
Php Php 5.2.12 cpe:/a:php:php:5.2.12
Php Php 5.2.11 cpe:/a:php:php:5.2.11
Php Php 5.2.9 cpe:/a:php:php:5.2.9
Php Php 5.2.10 cpe:/a:php:php:5.2.10
Php Php 5.2.0 cpe:/a:php:php:5.2.0
Php Php 5.2.4 cpe:/a:php:php:5.2.4
Php Php 5.2.3 cpe:/a:php:php:5.2.3
Php Php 5.3.2 cpe:/a:php:php:5.3.2
Php Php 5.2.2 cpe:/a:php:php:5.2.2
Php Php 5.3.1 cpe:/a:php:php:5.3.1
Php Php 5.2.1 cpe:/a:php:php:5.2.1
Php Php 5.3.0 cpe:/a:php:php:5.3.0
  1. Php (1) Search CVE
    1. Php (16) Search CVE
      1. 5.2.8
      2. 5.2.6
      3. 5.2.5
      4. 5.2.13
      5. 5.2.12
      6. 5.2.11
      7. 5.2.9
      8. 5.2.10
      9. 5.2.0
      10. 5.2.4
      11. 5.2.3
      12. 5.3.2
      13. 5.2.2
      14. 5.3.1
      15. 5.2.1
      16. 5.3.0

CWE

ID Name Description Links
CWE-399 Resource Management Errors Weaknesses in this category are related to improper management of system resources. CVE

History of changes

Date Event
2010-05-07 23:00

New CVE