2011-02-02 21:00:00
mitre
PUBLISHED
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a scripts use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.