VYPR
Unrated severityNVD Advisory· Published Sep 22, 2009· Updated Jun 16, 2026

CVE-2009-3294

CVE-2009-3294

Description

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • PHP/PHP2 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=5.2.0,<5.2.11
    • (no CPE)range: <5.2.11 || >=5.3.0 <5.3.1

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.