Red Hat Customer Portal

Skip to main content

CVE-2011-1468

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.

Details Source

Mitre

Statement

Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4 and 5. It has been addressed in Red Hat Enterprise Linux 5 (php53) and 6 (php).

Public Date

2011-02-21 00:00:00

Impact

Low

Bugzilla

CVE-2011-1468 php: Multiple memory leaks in the OpenSSL extension

Bugzilla ID

690 899

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (php) RHSA-2011:1423 2011-11-02
Red Hat Enterprise Linux 5 (php53) RHSA-2011:1423 2011-11-02

CWE

CWE-401

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 php Not affected
Red Hat Enterprise Linux 4 php Not affected