Description

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.

Remediation

References

CVE-2009-2626

Related Vulnerabilities

WordPress Plugin Yoast SEO SQL Injection (1.7.3.3)

WordPress Plugin Border Loading Bar Multiple Cross-Site Scripting Vulnerabilities (1.0)

PHP Other Vulnerability (CVE-2006-4481)

Internet Information Services Other Vulnerability (CVE-2000-0630)

Squid NULL Pointer Dereference Vulnerability (CVE-2018-1000027)

Severity

Medium

Classification

CVE-2009-2626

Tags

Missing Update Known Vulnerabilities