CVE-2010-2191

Name of the Vulnerable Software and Affected Versions PHP versions 5.2 through 5.2.13 PHP versions 5.3 through 5.3.2

Description The issue affects several functions and opcodes in PHP, including parse str, preg match, unpack, pack, ZEND FETCH RW, ZEND CONCAT, ZEND ASSIGN CONCAT, and the ArrayObject::uasort method. This allows context-dependent attackers to obtain sensitive information, such as memory contents, or trigger memory corruption by causing a userspace interruption of an internal function or handler. Vectors related to the call time pass by reference feature are also affected.

Recommendations For PHP versions 5.2 through 5.2.13, consider upgrading to a version outside of this range to mitigate the risk. For PHP versions 5.3 through 5.3.2, consider upgrading to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the use of the affected functions and opcodes, such as parse str, preg match, unpack, pack, ZEND FETCH RW, ZEND CONCAT, ZEND ASSIGN CONCAT, and the ArrayObject::uasort method, until a patch is available.