Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-1868

The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.

Related bugs and status

CVE-2010-1868 (Candidate) is related to these bugs:

Bug #564920: PHP5 under Apache2 on 64 bit system is not completely 64 bit

Summary				In	Importance	Status
	564920	PHP5 under Apache2 on 64 bit system is not completely 64 bit		php5 (Ubuntu)	Low	Fix Released
	564920	PHP5 under Apache2 on 64 bit system is not completely 64 bit		php5 (Ubuntu Lucid)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://php-security.or...
MISC: http://php-security.or...
MISC: http://php-security.or...