Description

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.

Remediation

References

CVE-2009-2626

Related Vulnerabilities

WordPress Plugin Easy FancyBox Unspecified Vulnerability (1.3.4.9)

Varnish Cache Other Vulnerability (CVE-2015-8852)

OpenSSL Numeric Errors Vulnerability (CVE-2012-2131)

WordPress Plugin Lazyest Gallery 'image' Parameter Cross-Site Scripting (1.0.28)

Squid Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5400)

Severity

Medium

Classification

CVE-2009-2626

Tags

Missing Update Known Vulnerabilities