CVE-2010-2531

 

Published at: - 21-08-2010 12:00

Last modified: - 19-01-2023 05:39

Total changes: - 2

Description

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:N/A:N

 

Verification logic

 

Reference

• http://www.php.net/archive/2010.php#id2010-07-22-1
• https://bugzilla.redhat.com/show_bug.cgi?id=617673
• http://www.php.net/archive/2010.php#id2010-07-22-2
• [oss-security] 20100716 Re: Re: CVE request, php var_export-Mailing List, Third Party Advisory
• [oss-security] 20100713 CVE request, php var_export-Mailing List, Third Party Advisory
• http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143
• http://support.apple.com/kb/HT4312
• APPLE-SA-2010-08-24-1-Mailing List, Third Party Advisory
• SUSE-SR:2010:017-Mailing List, Third Party Advisory
• http://support.apple.com/kb/HT4435
• APPLE-SA-2010-11-10-1-Mailing List, Third Party Advisory
• SUSE-SR:2010:018-Mailing List, Third Party Advisory
• RHSA-2010:0919-Third Party Advisory
• ADV-2010-3081-Permissions Required
• 42410-Broken Link
• HPSBMA02662-Mailing List, Third Party Advisory
• DSA-2266-Third Party Advisory
• SSRT100826-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2010-2531

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures