CVE-2010-4150:php: Double free vulnerability in the imap_do

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4150

php: Double free vulnerability in the imap_do_open funct...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4150

Original

Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-07

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-08

Affected Product Tags

cpe:/a:php:php:5.2.0

cpe:/a:php:php:5.2.1

cpe:/a:php:php:5.2.10

cpe:/a:php:php:5.2.11

cpe:/a:php:php:5.2.12

cpe:/a:php:php:5.2.13

cpe:/a:php:php:5.2.14

cpe:/a:php:php:5.2.2

cpe:/a:php:php:5.2.3

cpe:/a:php:php:5.2.4

cpe:/a:php:php:5.3.0

cpe:/a:php:php:5.3.1

cpe:/a:php:php:5.3.2

cpe:/a:php:php:5.3.3

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 44980

CONFIRM http://svn.php.net/viewvc?view=revision&revision=305032

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=656917

MANDRIVA MDVSA-2010:239

SECTRACK 1024761

VUPEN ADV-2010-3027

Vulnerability Type Resource Management Errors (CWE-399)

XF php-phpimapc-dos(63390)