Description

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.

Remediation

References

CVE-2012-6113

Related Vulnerabilities

WordPress Plugin BulletProof Security Cross-Site Scripting (.47)

WordPress Plugin Google Map Backdoor (1.4)

Oracle Database Server CVE-2006-5345 Vulnerability (CVE-2006-5345)

WordPress Plugin WP Custom Fields Search Cross-Site Scripting (0.3.28)

Atlassian Jira CVE-2018-5231 Vulnerability (CVE-2018-5231)

Severity

Medium

Classification

CVE-2012-6113 CWE-200

Tags

Missing Update Known Vulnerabilities