CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
EPSS
Percentile
93.6%
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10,
and earlier versions allows context-specific attackers to obtain sensitive
information (memory contents) and cause a PHP crash by using the ini_set
function to declare a variable, then using the ini_restore function to
restore the variable.