CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
93.6%
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
Vendor | Product | Version | CPE |
---|---|---|---|
php | php | 4.4.9 | cpe:/a:php:php:4.4.9::: |
php | php | 3.0.17 | cpe:/a:php:php:3.0.17::: |
php | php | 4.0 | cpe:/a:php:php:4.0:beta1:: |
php | php | 4.3.7 | cpe:/a:php:php:4.3.7::: |
php | php | 5.0.1 | cpe:/a:php:php:5.0.1::: |
php | php | 4.0.4 | cpe:/a:php:php:4.0.4:patch1:: |
php | php | 4.0.1 | cpe:/a:php:php:4.0.1:patch1:: |
php | php | 4.4.3 | cpe:/a:php:php:4.4.3::: |
php | php | 3.0.12 | cpe:/a:php:php:3.0.12::: |
php | php | 5.1.6 | cpe:/a:php:php:5.1.6::: |