CVE-2009-3294

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
phpphp
5.2.0 ≤
𝑥
< 5.2.11
phpphp
5.3.0 ≤
𝑥
< 5.3.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://bugs.php.net/bug.php?id=44683
http://news.php.net/php.announce/79
http://svn.php.net/viewvc?view=revision&revision=287779
http://www.openwall.com/lists/oss-security/2009/09/20/1
http://www.openwall.com/lists/oss-security/2009/11/20/2
http://www.openwall.com/lists/oss-security/2009/11/20/3
http://www.osvdb.org/58188
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-5.php#5.2.11
http://www.php.net/releases/5_2_11.php
http://www.php.net/releases/5_3_1.php
http://bugs.php.net/bug.php?id=44683
http://news.php.net/php.announce/79
http://svn.php.net/viewvc?view=revision&revision=287779
http://www.openwall.com/lists/oss-security/2009/09/20/1
http://www.openwall.com/lists/oss-security/2009/11/20/2
http://www.openwall.com/lists/oss-security/2009/11/20/3
http://www.osvdb.org/58188
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-5.php#5.2.11
http://www.php.net/releases/5_2_11.php
http://www.php.net/releases/5_3_1.php