CVE-2010-1864

Name of the Vulnerable Software and Affected Versions PHP versions 5.2 through 5.2.13 PHP versions 5.3 through 5.3.2

Description The issue allows context-dependent attackers to obtain sensitive information, such as memory contents, by causing a userspace interruption of an internal function. This is related to the call time pass by reference feature in the addcslashes function.

Recommendations For PHP versions 5.2 through 5.2.13, update to a version later than 5.2.13 to resolve the issue. For PHP versions 5.3 through 5.3.2, update to a version later than 5.3.2 to resolve the issue. As a temporary workaround, consider restricting the use of the addcslashes function until a patch is available.