Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2097 to
the following vulnerability:
The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode
functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow
context-dependent attackers to obtain sensitive information (memory
contents) by causing a userspace interruption of an internal function,
related to the call time pass by reference feature.
Credit: All three flaws discovered by Stefan Esser.
Created attachment 418694 [details]
Local copy of MOPS-2010-032.php reproducer
Created attachment 418696 [details]
Local copy of MOPS-2010-033.php reproducer
Created attachment 418697 [details]
Local copy of MOPS-2010-034.php reproducer
Closing this, see bug #617578, comment #3 for more detailed explanation.
*** This bug has been marked as a duplicate of bug 169857 ***
Red Hat does not consider interruption issues allowing safe_mode / open_basedir
restriction bypass to be security sensitive. For more details see