CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector string | AV:N/AC:L/Au:N/C:P/I:N/A:N |

EPSS

Metric | Value |
---|---|
Percentile | 75.7% |

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through
5.3.13 does not initialize a certain variable, which allows remote
attackers to obtain sensitive information from process memory by providing
zero bytes of input data.
Author | Note |
---|---|
mdeslaur | introduced in 5.3.9, fixed in 5.3.14 |