CVE-2012-6113
Published: 18 January 2013
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
Notes
Author | Note |
---|---|
mdeslaur | introduced in 5.3.9, fixed in 5.3.14 |
Priority
Status
Package | Release | Status |
---|---|---|
php5 | hardy | Not vulnerable (5.2.4-2ubuntu5.26) |
php5 | lucid | Not vulnerable (5.3.2-1ubuntu4.18) |
php5 | oneiric | Not vulnerable (5.3.6-13ubuntu3.9) |
php5 | precise | Released (5.3.10-1ubuntu3.5) |
php5 | quantal | Not vulnerable (5.4.6-1ubuntu1.1) |
php5 | upstream | Released (5.3.14) |

Patches: upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e