Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2010-2531

Published: 20/08/2010 Updated: 19/01/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Php

Vulnerability Summary

The var_export function in PHP 5.2 prior to 5.2.14 and 5.3 prior to 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote malicious users to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.

Vulnerable Product Search on Vulmon Subscribe to Product

php php

debian debian linux 5.0

debian debian linux 6.0

Vendor Advisories

Ubuntu Security Notice: php5 vulnerabilities
Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service This issue only affected Ubuntu 606 LTS, 804 LTS, 904 and 910 (CVE-2010-0397) ...
Debian Security Advisories: DSA-2266-1 php5 -- several vulnerabilities
Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code CVE-2010-2531 An information leak was found in the var_export() function CVE-2011-0421 The Zip module could crash CVE-2011-0708 An integer overflow was discovered in the Exif module CVE-2011-1466 An i ...

References

CWE-200http://www.php.net/archive/2010.php#id2010-07-22-1https://bugzilla.redhat.com/show_bug.cgi?id=617673http://www.php.net/archive/2010.php#id2010-07-22-2http://www.openwall.com/lists/oss-security/2010/07/16/3http://www.openwall.com/lists/oss-security/2010/07/13/1http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143http://support.apple.com/kb/HT4312http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.htmlhttp://support.apple.com/kb/HT4435http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0919.htmlhttp://www.vupen.com/english/advisories/2010/3081http://secunia.com/advisories/42410http://marc.info/?l=bugtraq&m=130331363227777&w=2http://www.debian.org/security/2011/dsa-2266http://marc.info/?l=bugtraq&m=133469208622507&w=2https://nvd.nist.govhttps://usn.ubuntu.com/989-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook