Description
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
Remediation
References
Related Vulnerabilities
Jboss EAP Improper Input Validation Vulnerability (CVE-2010-3708)
WordPress Plugin Media from FTP PHP Object Injection (9.79)
Sqlite CVE-2021-20223 Vulnerability (CVE-2021-20223)
MediaWiki Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-25869)
WordPress Plugin PDW Media File Browser 'upload.php' Arbitrary File Upload (1.1)