2.6
CVE-2012-3450
- EPSS 11.18%
- Veröffentlicht 06.08.2012 16:55:05
- Zuletzt bearbeitet 16.06.2026 23:43:14
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.18% | 0.954 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:N/I:N/A:P
|
http://www.php.net/ChangeLog-5.php
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html
http://www.debian.org/security/2012/dsa-2527
http://www.mandriva.com/security/advisories?name=MDVSA-2012:108
http://www.ubuntu.com/usn/USN-1569-1
http://seclists.org/bugtraq/2012/Jun/60
http://www.openwall.com/lists/oss-security/2012/08/02/3
http://www.openwall.com/lists/oss-security/2012/08/02/7
https://bugs.php.net/bug.php?id=61755
https://bugzilla.novell.com/show_bug.cgi?id=769785