PT-2019-6208 · Libxml2+1
Kees Cook · Published 2019-11-13 · Updated 2019-11-20 · CVE-2010-4657
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PHP versions prior to 5.4.4
Description
The issue is in the XMLWriter component of PHP, where a memory leak occurs because resources are not released after their effective lifetime. A remote attacker can exploit this to disclose protected information. Specifically, passing invalid UTF-8 strings via the xmlTextWriterWriteAttribute function can cause libxml2 to misparse them, resulting in a memory leak in the output.
Recommendations
For versions prior to 5.4.4, update to version 5.4.4 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the xmlTextWriterWriteAttribute function to minimize the risk of exploitation.
Fix
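One way to apply the temporary workaround from the recommendations, shown as an added example that is not part of the original advisory or of PHP itself: route every attribute write through a single wrapper that rejects malformed UTF-8 before the string reaches libxml2. The helper names `is_valid_utf8` and `safe_write_attribute` are hypothetical, and the sample values are constructed.

```php
<?php
// Hypothetical helper: true only when $s is well-formed UTF-8.
function is_valid_utf8($s)
{
    if (function_exists('mb_check_encoding')) {
        return mb_check_encoding($s, 'UTF-8');
    }
    // Fallback without mbstring: with the /u modifier, preg_match()
    // returns false when the subject is not valid UTF-8.
    return preg_match('//u', $s) === 1;
}

// Hypothetical wrapper: the only place application code calls
// XMLWriter::writeAttribute(), so invalid input never reaches libxml2.
function safe_write_attribute(XMLWriter $writer, $name, $value)
{
    if (!is_valid_utf8($name) || !is_valid_utf8($value)) {
        throw new InvalidArgumentException('Attribute is not valid UTF-8');
    }
    return $writer->writeAttribute($name, $value);
}

// Constructed sample input: one valid value and two malformed ones.
$samples = array(
    'valid'     => "caf\xC3\xA9",  // "café", well-formed
    'truncated' => "abc\xC3",      // lead byte with no continuation byte
    'overlong'  => "\xC0\xAF",     // overlong encoding, not legal UTF-8
);

$writer = new XMLWriter();
$writer->openMemory();
$writer->startElement('item');

foreach ($samples as $label => $value) {
    try {
        safe_write_attribute($writer, $label, $value);
        echo $label, ": written\n";
    } catch (InvalidArgumentException $e) {
        // Log and drop (or reject the request) instead of writing the attribute.
        echo $label, ": rejected (", $e->getMessage(), ")\n";
    }
}

$writer->endElement();
echo $writer->outputMemory(), "\n";
```

The wrapper only narrows exposure on versions that cannot be upgraded yet; updating to 5.4.4 or later remains the resolution the advisory gives.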
Missing Release of Resource after Effective Lifetime
Weakness Enumeration
Related Identifiers
Affected Products
PHP
Libxml2