QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2626

Published: Dec 1, 2009

Modified: Sep 16, 2024

PUBLISHED

Description

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605

x_refsource_CONFIRM

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/Zend/zend_ini.c?r1=272370&r2=284156

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

20090806 PHP 5.2.10/5.3.0 (zend_ini.c) Memory Disclosure

third-party-advisory

x_refsource_SREASONRES

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.