Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 5.2.0 (including) | 5.2.0 (including) |
| Php | Php | 5.2.1 (including) | 5.2.1 (including) |
| Php | Php | 5.2.2 (including) | 5.2.2 (including) |
| Php | Php | 5.2.3 (including) | 5.2.3 (including) |
| Php | Php | 5.2.4 (including) | 5.2.4 (including) |
| Php | Php | 5.2.5 (including) | 5.2.5 (including) |
| Php | Php | 5.2.6 (including) | 5.2.6 (including) |
| Php | Php | 5.2.7 (including) | 5.2.7 (including) |
| Php | Php | 5.2.8 (including) | 5.2.8 (including) |
| Php | Php | 5.2.9 (including) | 5.2.9 (including) |
| Php | Php | 5.2.10 (including) | 5.2.10 (including) |
| Php | Php | 5.2.11 (including) | 5.2.11 (including) |
| Php | Php | 5.2.12 (including) | 5.2.12 (including) |
| Php | Php | 5.3.0 (including) | 5.3.0 (including) |
| Php | Php | 5.3.1 (including) | 5.3.1 (including) |
| Php5 | Ubuntu | dapper | * |
| Php5 | Ubuntu | devel | * |
| Php5 | Ubuntu | hardy | * |
| Php5 | Ubuntu | jaunty | * |
| Php5 | Ubuntu | karmic | * |
| Php5 | Ubuntu | lucid | * |
| Php5 | Ubuntu | maverick | * |
| Php5 | Ubuntu | natty | * |
| Php5 | Ubuntu | oneiric | * |
References
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html