Description

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.

Remediation

References

CVE-2012-6113

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2561)

WordPress Plugin SB Welcome Email Editor Unspecified Vulnerability (4.1)

MySQL CVE-2012-0118 Vulnerability (CVE-2012-0118)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1559)

WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Cross-Site Scripting (1.3.6.2)

Severity

Medium

Classification

CVE-2012-6113 CWE-200

Tags

Missing Update Known Vulnerabilities