Описание
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 5.4.9-4ubuntu1 |
| hardy | not-affected | 5.2.4-2ubuntu5.26 |
| lucid | not-affected | 5.3.2-1ubuntu4.18 |
| oneiric | not-affected | 5.3.6-13ubuntu3.9 |
| precise | released | 5.3.10-1ubuntu3.5 |
| quantal | not-affected | 5.4.6-1ubuntu1.1 |
| upstream | released | 5.3.14 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 thr ...
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
EPSS
5 Medium
CVSS2