What is the severity of CVE-2010-2191?

CVE-2010-2191 is considered a moderate severity vulnerability that could allow context-dependent attackers to obtain sensitive information from affected PHP versions.

How do I fix CVE-2010-2191?

To fix CVE-2010-2191, upgrade your PHP installation to version 5.3.3 or later, which addresses this vulnerability.

Which versions of PHP are affected by CVE-2010-2191?

CVE-2010-2191 affects PHP versions 5.2.0 through 5.2.13 and 5.3.0 through 5.3.2.

What components of PHP are vulnerable in CVE-2010-2191?

The CVE-2010-2191 vulnerability affects the parse_str, preg_match, unpack, pack functions, several opcodes, and the ArrayObject::uasort method.

Can CVE-2010-2191 be exploited remotely?

Yes, CVE-2010-2191 can be exploited remotely if attackers can leverage context-specific conditions to gain access to sensitive information.

Vulnerability/
CVE-2010-2191

medium

6.4

CWE

119

7/6/2010

11/4/2025

CVE-2010-2191: Buffer Overflow

First published: Mon Jun 07 2010(Updated: )

The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PHP	=5.2.0
PHP	=5.2.1
PHP	=5.2.2
PHP	=5.2.3
PHP	=5.2.4
PHP	=5.2.5
PHP	=5.2.6
PHP	=5.2.7
PHP	=5.2.8
PHP	=5.2.9
PHP	=5.2.10
PHP	=5.2.11
PHP	=5.2.12
PHP	=5.2.13
PHP	=5.3.0
PHP	=5.3.1
PHP	=5.3.2
	=5.2.0
	=5.2.1
	=5.2.2
	=5.2.3
	=5.2.4
	=5.2.5
	=5.2.6
	=5.2.7
	=5.2.8
	=5.2.9
	=5.2.10
	=5.2.11
	=5.2.12
	=5.2.13
	=5.3.0
	=5.3.1
	=5.3.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2191?
CVE-2010-2191 is considered a moderate severity vulnerability that could allow context-dependent attackers to obtain sensitive information from affected PHP versions.
How do I fix CVE-2010-2191?
To fix CVE-2010-2191, upgrade your PHP installation to version 5.3.3 or later, which addresses this vulnerability.
Which versions of PHP are affected by CVE-2010-2191?
CVE-2010-2191 affects PHP versions 5.2.0 through 5.2.13 and 5.3.0 through 5.3.2.
What components of PHP are vulnerable in CVE-2010-2191?
The CVE-2010-2191 vulnerability affects the parse_str, preg_match, unpack, pack functions, several opcodes, and the ArrayObject::uasort method.
Can CVE-2010-2191 be exploited remotely?
Yes, CVE-2010-2191 can be exploited remotely if attackers can leverage context-specific conditions to gain access to sensitive information.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/weakness
agent/author
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/event
vendor/php
canonical/php
version/php/5.2.0
version/php/5.2.1
version/php/5.2.2
version/php/5.2.3
version/php/5.2.4
version/php/5.2.5
version/php/5.2.6
version/php/5.2.7
version/php/5.2.8
version/php/5.2.9
version/php/5.2.10
version/php/5.2.11
version/php/5.2.12
version/php/5.2.13
version/php/5.3.0
version/php/5.3.1
version/php/5.3.2