Description

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.

Remediation

References

CVE-2009-2626

Related Vulnerabilities

WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71)

Oracle Database Server CVE-2013-1554 Vulnerability (CVE-2013-1554)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.0.4)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10680)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-3078)

Severity

Medium

Classification

CVE-2009-2626

Tags

Missing Update Known Vulnerabilities