2.6

CVE-2012-3450

pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.3.13
PhpPhp Version5.3.0
PhpPhp Version5.3.1
PhpPhp Version5.3.2
PhpPhp Version5.3.3
PhpPhp Version5.3.4
PhpPhp Version5.3.5
PhpPhp Version5.3.6
PhpPhp Version5.3.7
PhpPhp Version5.3.8
PhpPhp Version5.3.9
PhpPhp Version5.3.10
PhpPhp Version5.3.11
PhpPhp Version5.3.12
PhpPhp Version5.4.0
PhpPhp Version5.4.1
PhpPhp Version5.4.2
PhpPhp Version5.4.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.18% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.php.net/ChangeLog-5.php
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html
http://www.debian.org/security/2012/dsa-2527
http://www.mandriva.com/security/advisories?name=MDVSA-2012:108
http://www.ubuntu.com/usn/USN-1569-1
http://seclists.org/bugtraq/2012/Jun/60
http://www.openwall.com/lists/oss-security/2012/08/02/3
http://www.openwall.com/lists/oss-security/2012/08/02/7
https://bugs.php.net/bug.php?id=61755
https://bugzilla.novell.com/show_bug.cgi?id=769785