Unrated severityNVD Advisory· Published Jan 19, 2013· Updated Apr 29, 2026

CVE-2012-6113

Description

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.

Affected products

PHP/PHP5 versions
cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.php.netnvd
openwall.com/lists/oss-security/2013/01/18/6nvd
www.ubuntu.com/usn/USN-1702-1nvd
bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793nvd
bugs.php.net/bug.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000