The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
Base Score: 7.5
Impact Score: 6.4
Exploitability Score: 10
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.2.3 (inclusive)
View all (4 total)