{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-09-16T00:00:00.000Z","descriptions":[{"lang":"en","value":"The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) \"e\" or (2) \"er\" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-11-25T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/ChangeLog-5.php#5.2.11"},{"name":"[oss-security] 20091120 Re: CVE request: php 5.3.1 update","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/3"},{"name":"[php-announce] 20091119 5.3.1 Release announcement","tags":["mailing-list","x_refsource_MLIST"],"url":"http://news.php.net/php.announce/79"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/releases/5_2_11.php"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/ChangeLog-5.php"},{"name":"[oss-security] 20091120 CVE request: php 5.3.1 update","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/2"},{"tags":["x_refsource_CONFIRM"],"url":"http://bugs.php.net/bug.php?id=44683"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/releases/5_3_1.php"},{"name":"[oss-security] 20090920 Re: CVE Request -- PHP 5 - 5.2.11","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2009/09/20/1"},{"name":"58188","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/58188"},{"tags":["x_refsource_CONFIRM"],"url":"http://svn.php.net/viewvc?view=revision&revision=287779"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-3294","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) \"e\" or (2) \"er\" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.php.net/ChangeLog-5.php#5.2.11","refsource":"CONFIRM","url":"http://www.php.net/ChangeLog-5.php#5.2.11"},{"name":"[oss-security] 20091120 Re: CVE request: php 5.3.1 update","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2009/11/20/3"},{"name":"[php-announce] 20091119 5.3.1 Release announcement","refsource":"MLIST","url":"http://news.php.net/php.announce/79"},{"name":"http://www.php.net/releases/5_2_11.php","refsource":"CONFIRM","url":"http://www.php.net/releases/5_2_11.php"},{"name":"http://www.php.net/ChangeLog-5.php","refsource":"CONFIRM","url":"http://www.php.net/ChangeLog-5.php"},{"name":"[oss-security] 20091120 CVE request: php 5.3.1 update","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2009/11/20/2"},{"name":"http://bugs.php.net/bug.php?id=44683","refsource":"CONFIRM","url":"http://bugs.php.net/bug.php?id=44683"},{"name":"http://www.php.net/releases/5_3_1.php","refsource":"CONFIRM","url":"http://www.php.net/releases/5_3_1.php"},{"name":"[oss-security] 20090920 Re: CVE Request -- PHP 5 - 5.2.11","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2009/09/20/1"},{"name":"58188","refsource":"OSVDB","url":"http://www.osvdb.org/58188"},{"name":"http://svn.php.net/viewvc?view=revision&revision=287779","refsource":"CONFIRM","url":"http://svn.php.net/viewvc?view=revision&revision=287779"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T06:22:24.462Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/ChangeLog-5.php#5.2.11"},{"name":"[oss-security] 20091120 Re: CVE request: php 5.3.1 update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/3"},{"name":"[php-announce] 20091119 5.3.1 Release announcement","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://news.php.net/php.announce/79"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/releases/5_2_11.php"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/ChangeLog-5.php"},{"name":"[oss-security] 20091120 CVE request: php 5.3.1 update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://bugs.php.net/bug.php?id=44683"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/releases/5_3_1.php"},{"name":"[oss-security] 20090920 Re: CVE Request -- PHP 5 - 5.2.11","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/09/20/1"},{"name":"58188","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/58188"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://svn.php.net/viewvc?view=revision&revision=287779"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-3294","datePublished":"2009-09-22T10:00:00.000Z","dateReserved":"2009-09-22T00:00:00.000Z","dateUpdated":"2024-08-07T06:22:24.462Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}