CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.

Product Status

Learn more

Information not provided

References 11 Total

Updated: 2024-08-07

This container includes required additional information provided by the CVE Program for this vulnerability.

References 11 Total

http://www.php.net/ChangeLog-5.php#5.2.11
external site
x_transferred
openwall.com: [oss-security] 20091120 Re: CVE request: php 5.3.1 update
external site
mailing-listx_transferred
news.php.net: [php-announce] 20091119 5.3.1 Release announcement
external site
mailing-listx_transferred
http://www.php.net/releases/5_2_11.php
external site
x_transferred
http://www.php.net/ChangeLog-5.php
external site
x_transferred
openwall.com: [oss-security] 20091120 CVE request: php 5.3.1 update
external site
mailing-listx_transferred
http://bugs.php.net/bug.php?id=44683
external site
x_transferred
http://www.php.net/releases/5_3_1.php
external site
x_transferred
openwall.com: [oss-security] 20090920 Re: CVE Request -- PHP 5 - 5.2.11
external site
mailing-listx_transferred
osvdb.org: 58188
external site
vdb-entryx_transferred
http://svn.php.net/viewvc?view=revision&revision=287779
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 11 Total

CVE Program

References 11 Total