- Description: The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
- Source: secalert@redhat.com
- NVD status: Modified
CVSS 2.0
- Type: Primary
- Base score: 5
- Impact score: 2.9
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-200
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC3F1891-032D-409C-904C-A415D2323DFC"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B13826D-06B2-4A46-AB24-092F6935958D"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B6528FC-51BE-4E30-B282-D9841553BA26"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66CF9452-6225-4726-822B-C7CD620A1D6E"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A953FF53-1106-42D3-BE4A-4F27C7C42F52"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]