37 matches found
CVE-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
Insecure Encryption
php7 is using insecure encryption. The vulnerability exists when AES-CCM mode is used with the openssl_encrypt function with a 12-byte IV: only the first 7 bytes of the IV are used. This can lead to both decreased security and incorrect encryption data...
Tenable SecurityCenter PHP < 5.6.27 Multiple Vulnerabilities
The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP: - A use-after-free error exists in the unserialize function that allows an unauthenticated, remote attacker to...
PHP information leakage
openssl_encrypt memory disclosure...
Ubuntu: Security Advisory (USN-1702-1)
The remote host is missing an update for the...
PHP 'openssl_encrypt()' Function Information Disclosure Vulnerability - Windows
PHP is prone to an information disclosure vulnerability...
Ubuntu Update for php5 USN-1702-1
Check for the Version of php5 OpenVAS Vulnerability Test $Id: gbubuntuUSN17021.nasl 8509 2018-01-24 06:57:46Z teissa $ Ubuntu Update for php5 USN-1702-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
Ubuntu 12.04 LTS : php5 vulnerability (USN-1702-1)
It was discovered that PHP incorrectly handled the openssl_encrypt function when used with an empty string. An attacker could use this flaw to cause PHP to disclose arbitrary memory contents and possibly expose sensitive information. Note that Tenable Network Security has extracted the preceding...
USN-1702-1: PHP vulnerability
It was discovered that PHP incorrectly handled the openssl_encrypt function when used with an empty string. An attacker could use this flaw to cause PHP to disclose arbitrary memory contents and possibly expose sensitive information...
PHP 'openssl_encrypt()' Function Information Disclosure Vulnerability
BUGTRAQ ID: 57462 CVE(CAN) ID: CVE-2012-6113 PHP is an HTML-embedded language: a server-side scripting language embedded in HTML documents, with a style similar to C, and it is widely used. In PHP versions 5.3.9 - 5.3.13, the function openssl_encrypt in ext/openssl/openssl.c does not initialize a certain variable; by supplying zero bytes of data, a remote attacker can obtain sensitive information from process memory. 0 PHP PHP 5.3.9 PHP PHP 5.3.11 PHP PHP 5.3.10 PHP PHP 5.2.13 PHP PHP 5.2.12 Vendor patch: PHP...
CVE-2012-6113
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data...
Input validation
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data...
CVE-2012-6113
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data...
CVE-2012-6113
This CVE affects PHP 5.3.9–5.3.13 where the openssl_encrypt() code path in ext/openssl/openssl.c fails to initialize a variable, enabling a remote attacker to read sensitive memory contents by supplying zero-length input data. The issue is a memory disclosure vulnerability. Public references indi...
php: Multiple memory leaks in the OpenSSL extension
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function...