Description

The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

Remediation

References

CVE-2010-2097

Related Vulnerabilities

Plone CMS Other Vulnerability (CVE-2006-4247)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0542)

WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.33.1)

Nginx Out-of-bounds Write Vulnerability (CVE-2022-41741)

Ruby Improper Authentication Vulnerability (CVE-2017-10784)

Severity

Medium

Classification

CVE-2010-2097 CWE-200

Tags

Missing Update Known Vulnerabilities