Red Hat Bugzilla – Bug 618359
CVE-2010-1860 php: html_entity_decode interruption vulnerability (MOPS-2010-010)
Last modified: 2015-08-19 04:51:25 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1860 to the following vulnerability:
The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.
Created attachment 434492 [details]
Fixed via zend_parse_parameters() change that addressed couple of other MOPS issues - see bug #617578, comment #2.
Closing this, see bug #617578, comment #3 for more detailed explanation.
*** This bug has been marked as a duplicate of bug 169857 ***
Red Hat does not consider interruption issues allowing safe_mode / open_basedir
restriction bypass to be security sensitive. For more details see