Alpine: php: security update to 5.3.2-r7 (deprecated)

critical Tenable Cloud Security Plugin ID 401352

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2
allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data,
related to the PHP unserialize function. (CVE-2010-2225)

See Also

https://git.alpinelinux.org/aports/commit/?id=993176136f182c2feb91682b31f0a905167f418d

https://git.alpinelinux.org/aports/commit/?id=eed9f37161248c488e0ff923681dfa42907b2d7b

Plugin Details

Severity: Critical

ID: 401352

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2010-2225

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/6/2010

Vulnerability Publication Date: 6/18/2010

Reference Information

CVE: CVE-2010-2225

BID: 40948