CVE-2009-3294

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.2.11 PHP versions 5.3.x prior to 5.3.1

Description The issue allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode) of the popen API function, possibly related to the fdopen function in the Microsoft C runtime library. This might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.

Recommendations For PHP versions prior to 5.2.11, update to version 5.2.11 or later. For PHP versions 5.3.x prior to 5.3.1, update to version 5.3.1 or later.