ID CVE-2010-1917
Summary Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2010:0919
rpms
  • php-0:4.3.9-3.31
  • php-0:5.1.6-27.el5_5.3
  • php-bcmath-0:5.1.6-27.el5_5.3
  • php-cli-0:5.1.6-27.el5_5.3
  • php-common-0:5.1.6-27.el5_5.3
  • php-dba-0:5.1.6-27.el5_5.3
  • php-debuginfo-0:4.3.9-3.31
  • php-debuginfo-0:5.1.6-27.el5_5.3
  • php-devel-0:4.3.9-3.31
  • php-devel-0:5.1.6-27.el5_5.3
  • php-domxml-0:4.3.9-3.31
  • php-gd-0:4.3.9-3.31
  • php-gd-0:5.1.6-27.el5_5.3
  • php-imap-0:4.3.9-3.31
  • php-imap-0:5.1.6-27.el5_5.3
  • php-ldap-0:4.3.9-3.31
  • php-ldap-0:5.1.6-27.el5_5.3
  • php-mbstring-0:4.3.9-3.31
  • php-mbstring-0:5.1.6-27.el5_5.3
  • php-mysql-0:4.3.9-3.31
  • php-mysql-0:5.1.6-27.el5_5.3
  • php-ncurses-0:4.3.9-3.31
  • php-ncurses-0:5.1.6-27.el5_5.3
  • php-odbc-0:4.3.9-3.31
  • php-odbc-0:5.1.6-27.el5_5.3
  • php-pdo-0:5.1.6-27.el5_5.3
  • php-pear-0:4.3.9-3.31
  • php-pgsql-0:4.3.9-3.31
  • php-pgsql-0:5.1.6-27.el5_5.3
  • php-snmp-0:4.3.9-3.31
  • php-snmp-0:5.1.6-27.el5_5.3
  • php-soap-0:5.1.6-27.el5_5.3
  • php-xml-0:5.1.6-27.el5_5.3
  • php-xmlrpc-0:4.3.9-3.31
  • php-xmlrpc-0:5.1.6-27.el5_5.3
refmap via4
debian DSA-2089
hp
  • HPSBMA02662
  • SSRT100409
misc http://www.php-security.org/2010/05/11/mops-2010-021-php-fnmatch-stack-exhaustion-vulnerability/index.html
secunia
  • 40860
  • 42410
suse
  • SUSE-SR:2010:017
  • SUSE-SR:2010:018
vupen ADV-2010-3081
xf php-fnmatchfunction-dos(58585)
Last major update 17-08-2017 - 01:32
Published 12-05-2010 - 11:46
Last modified 17-08-2017 - 01:32