The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP prior to 5.4.44, 5.5.x prior to 5.5.28, and 5.6.x prior to 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 14.04 |