Vulnerability Details : CVE-2010-4150
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Threat overview for CVE-2010-4150
Top countries where our scanners detected CVE-2010-4150
Top open port discovered on systems with this issue
80
IPs affected by CVE-2010-4150 37,095
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2010-4150!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2010-4150
Probability of exploitation activity in the next 30 days: 1.94%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4150
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2010-4150
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4150
-
http://marc.info/?l=bugtraq&m=133469208622507&w=2
'[security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PH' - MARC
-
http://support.apple.com/kb/HT4581
About the security content of Mac OS X v10.6.7 and Security Update 2011-001 - Apple Support
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12489
Repository / Oval Repository
-
http://www.vupen.com/english/advisories/2011/0021
Webmail | OVH- OVH
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
[SECURITY] Fedora 13 Update: maniadrive-1.2-23.fc13
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:239
mandriva.com
-
http://www.php.net/archive/2010.php#id2010-12-10-1
PHP: News Archive - 2010
-
http://www.vupen.com/english/advisories/2010/3313
Webmail | OVH- OVH
-
http://svn.php.net/viewvc?view=revision&revision=305032
PHP: Revision 305032Patch
-
https://bugzilla.redhat.com/show_bug.cgi?id=656917
656917 – (CVE-2010-4150) CVE-2010-4150 php: Double free in the imap extension
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/63390
PHP php_imap.c denial of service CVE-2010-4150 Vulnerability Report
-
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Apple - Lists.apple.com
-
http://www.vupen.com/english/advisories/2010/3027
Webmail | OVH- OVHVendor Advisory
-
http://www.securityfocus.com/bid/44980
PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability
-
http://www.php.net/releases/5_3_4.php
PHP: PHP 5.3.4 Release Announcement
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
[SECURITY] Fedora 14 Update: maniadrive-1.2-23.fc14
-
http://www.php.net/releases/5_2_15.php
PHP: PHP 5.2.15 Release Announcement
-
http://www.php.net/ChangeLog-5.php
PHP: PHP 5 ChangeLog
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
The Slackware Linux Project: Slackware Security Advisories
-
http://www.vupen.com/english/advisories/2011/0020
Webmail | OVH- OVH
-
http://www.securitytracker.com/id?1024761
PHP Use After Free in 'ext/imap/php_imap.c' Lets Remote Users Deny Service - SecurityTracker
Products affected by CVE-2010-4150
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*