VDB
CVE-2009-2626
CVE-2009-2626
PUBLISHED
CVSS 6.400000095367432 MEDIUM
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
EPSS 8.16% · 92.3th percentile
Risk Scores
CVSS 2.0
6.400000095367432
EPSS Score
8.16%
92.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| php | php | 0, 1.0, 3.0 |
Timeline
- Aug 10, 2009 PoC Published
- Dec 1, 2009 CVE Published
- Dec 3, 2009 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- 37482 third-party-advisory
- DSA-1940 vendor-advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605 url
- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/Zend/zend_ini.c?r1=272370&r2=284156 url
- 36009 vdb
- 20090806 PHP 5.2.10/5.3.0 (zend_ini.c) Memory Disclosure third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-2626 advisory