Description
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.
Remediation
References