Description

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

Remediation

References

CVE-2010-4657

Related Vulnerabilities

WordPress Plugin FreshMail For WordPress Multiple SQL Injection Vulnerabilities (1.5.8)

WordPress Plugin WP Keyword Link Multiple Cross-Site Scripting Vulnerabilities (1.7)

WordPress Plugin WP-PostViews Cross-Site Request Forgery (1.62)

Drupal Core 7.x Multiple Vulnerabilities (7.0)

WordPress Plugin WordPress File Upload Directory Traversal (4.12.2)

Severity

High

Classification

CVE-2010-4657 CWE-772 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities