{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-08-19T15:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html"}, {"name": "HPSBOV02763", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html"}, {"name": "SSRT100826", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"name": "SUSE-SR:2010:017", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"}, {"tags": ["x_refsource_MISC"], "url": "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html"}, {"name": "SUSE-SR:2010:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2097", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html", "refsource": "MISC", "url": "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html"}, {"name": "HPSBOV02763", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"name": "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html", "refsource": "MISC", "url": "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html"}, {"name": "SSRT100826", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"name": "SUSE-SR:2010:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"}, {"name": "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html", "refsource": "MISC", "url": "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html"}, {"name": "SUSE-SR:2010:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:17:14.468Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html"}, {"name": "HPSBOV02763", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html"}, {"name": "SSRT100826", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"name": "SUSE-SR:2010:017", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html"}, {"name": "SUSE-SR:2010:018", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2097", "datePublished": "2010-05-27T22:00:00.000Z", "dateReserved": "2010-05-27T00:00:00.000Z", "dateUpdated": "2024-08-07T02:17:14.468Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "635F3CB1-B042-43CC-91AB-746098018D8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "E1F32DDF-17A3-45B5-9227-833EBEBD3923", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "2CDFB7E9-8510-430F-BFBC-FD811D60DC78", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "79D5336A-14AA-483E-9CBE-A7B53120B925", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "3AADA875-E0EA-483A-A07E-2914FE969972", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EF4B938-BB14-4C06-BEE9-10CA755C5DEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "981C922C-7A7D-473E-8C43-03AB62FB5B8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."}, {"lang": "es", "value": "Las funciones (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode en PHP v5.2 a la v5.2.13 y v5.3 a la v5.3.2, permiten a atacantes dependientes del contexto obtener informaci\u00f3n sensible (contenido de la memoria) provocando una interrupci\u00f3n del espacio de usuario de una funci\u00f3n interna. Relacionado con la llamada por referencia de la funcionalidad \"time pass\"."}], "id": "CVE-2010-2097", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-27T22:30:01.780", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "PHP: iconv_mime_decode(), iconv_substr(), iconv_mime_encode() interruption flaws (MOPS-2010-032 MOPS-2010-033 MOPS-2010-034)", "id": "598562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598562"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."], "name": "CVE-2010-2097", "public_date": "2010-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2097"], "statement": "Red Hat does not consider interruption issues allowing safe_mode / open_basedir\nrestriction bypass to be security sensitive. For more details see\nhttps://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and\nhttp://www.php.net/security-note.php"}

{}