Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-6113

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.

Related bugs and status

CVE-2012-6113 (Candidate) is related to these bugs:

Bug #1099793: php 5.3.10 openssl_encrypt empty data

		In	Importance	Status
1099793	php 5.3.10 openssl_encrypt empty data	php5 (Ubuntu)	Undecided	Fix Released
1099793	php 5.3.10 openssl_encrypt empty data	php5 (Ubuntu Precise)	Medium	Fix Released
1099793	php 5.3.10 openssl_encrypt empty data	php5 (Ubuntu Quantal)	Undecided	Fix Released
1099793	php 5.3.10 openssl_encrypt empty data	php5 (Ubuntu Raring)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.ubuntu.com/...
MISC: http://openwall.com/li...
MISC: http://git.php.net/?p=...
MISC: https://bugs.launchpad...
MISC: https://bugs.php.net/b...