CVE-2011-1468

Published: 19 March 2011

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.

Priority

Medium

Notes

AuthorNote
sbeattie
openssl_{en,de}crypt are not available in php 5.2.x. There
are possibly other memory leaks in php 5.2.x openssl code.

References

Bugs