The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-01-19 13:55
Updated : 2023-02-12 16:27
NVD link : CVE-2012-6113
Mitre link : CVE-2012-6113
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
php
- php