[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-3450Date: (C)2012-08-06   (M)2023-12-22


pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://seclists.org/bugtraq/2012/Jun/60
DSA-2527
MDVSA-2012:108
SUSE-SU-2012:1033
USN-1569-1
http://www.openwall.com/lists/oss-security/2012/08/02/3
http://www.openwall.com/lists/oss-security/2012/08/02/7
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=61755
https://bugzilla.novell.com/show_bug.cgi?id=769785

CPE    18
cpe:/a:php:php:5.3.10
cpe:/a:php:php:5.3.12
cpe:/a:php:php:5.3.11
cpe:/a:php:php:5.3.2
...
OVAL    3
oval:org.secpod.oval:def:600866
oval:org.secpod.oval:def:6723
oval:org.secpod.oval:def:700999

© SecPod Technologies