CVE-2012-6113

2013-01-1921:55:01

CWE-200

redhat

web.nvd.nist.gov

cve-2012-6113

openssl_encrypt

php 5.3.9

php 5.3.13

nvd

information security

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.005

Percentile

75.7%

JSON

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.

Affected configurations

Nvd

Node

phpphpMatch5.3.9

phpphpMatch5.3.10

phpphpMatch5.3.11

phpphpMatch5.3.12

phpphpMatch5.3.13

VendorProductVersionCPE
phpphp5.3.9cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*
phpphp5.3.10cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*
phpphp5.3.11cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*
phpphp5.3.12cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*
phpphp5.3.13cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	5.3.9	cpe:2.3:a:php:php:5.3.9:::::::*
php	php	5.3.10	cpe:2.3:a:php:php:5.3.10:::::::*
php	php	5.3.11	cpe:2.3:a:php:php:5.3.11:::::::*
php	php	5.3.12	cpe:2.3:a:php:php:5.3.12:::::::*
php	php	5.3.13	cpe:2.3:a:php:php:5.3.13:::::::*