The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 up to and including 5.3.13 does not initialize a certain variable, which allows remote malicious users to obtain sensitive information from process memory by providing zero bytes of input data.
Vulnerable Product |
---|
php php 5.3.10 |
php php 5.3.9 |
php php 5.3.12 |
php php 5.3.11 |
php php 5.3.13 |