Description
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP No External Links Cross-Site Scripting (3.5.18)
PHP Improper Input Validation Vulnerability (CVE-2016-4537)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4382)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.7)
Grafana Signature Verification Vulnerability (CVE-2020-27846)