Description
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
Remediation
References