4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.13 Low
EPSS
Percentile
95.4%
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might
allow remote attackers to cause a denial of service (memory consumption)
via (1) plaintext data to the openssl_encrypt function or (2) ciphertext
data to the openssl_decrypt function.
Author | Note |
---|---|
sbeattie | openssl_{en,de}crypt are not available in php 5.2.x. There are possibly other memory leaks in php 5.2.x openssl code. |