Description
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
Remediation
References