Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain…
redhat·CWE-134·Published 2010-09-28
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
Vulnerabilidad de formato de cadena en stream.c en la extensión phar en PHP v5.3.x hasta v5.3.3 permite a atacantes dependientes del contexto obtener información sensible (contenidos de memoria) y probablemente ejecutar código de su elección a través de URI phar:// manipuladas que no manejan adecuadamente por la función har_stream_flush, dando lugar a errores en la función php_stream_wrapper_log_error. NOTA: Esta vulnerabilidad existe por una solución incompleta para CVE-2010-2094.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |