PT-2009-5023 · Php · Php

Maksymilian Arciemowicz · Published 2009-12-01 · Updated 2018-10-30 · CVE-2009-2626

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions
PHP versions prior to 5.3.1

Description
The issue allows context-specific attackers to obtain sensitive information, such as memory contents, and cause a PHP crash. This is achieved by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The zend_restore_ini_entry_cb function in zend_ini.c is specifically implicated in this issue.

Recommendations
For PHP versions prior to 5.3.1, update to a version that contains a fix for this issue, such as PHP 5.3.1 or later, to prevent the potential for sensitive information disclosure and PHP crashes.

Related identifiers

CVE-2009-2626
DSA-1940-1

Affected products

Php