Published: 07/05/2010 Updated: 11/05/2010

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 allow context-dependent malicious users to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.2.5
php php 5.2.8
php php 5.2.13
php php 5.2.0
php php 5.2.1
php php 5.2.2
php php 5.2.3
php php 5.2.9
php php 5.2.10
php php 5.2.11
php php 5.2.12
php php 5.2.4
php php 5.2.6
php php 5.3.0
php php 5.3.2
php php 5.3.1

Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service This issue only affected Ubuntu 606 LTS, 804 LTS, 904 and 910 (CVE-2010-0397) ...

CWE-94 http://php-security.org/2010/05/07/mops-2010-012-php-sqlite_single_query-uninitialized-memory-usage-vulnerability/index.html http://php-security.org/2010/05/07/mops-2010-013-php-sqlite_array_query-uninitialized-memory-usage-vulnerability/index.html http://php-security.org/2010/05/07/mops-submission-03-sqlite_single_query-sqlite_array_query-uninitialized-memory-usage/index.html https://nvd.nist.gov https://usn.ubuntu.com/989-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1868

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect