cvelistv5 - cve-2012-3450

CVE-2012-3450 (GCVE-0-2012-3450)

Vulnerability from cvelistv5 – Published: 2012-08-06 16:00 – Updated: 2024-08-06 20:05

Summary

pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2012/08/02/7	mailing-listx_refsource_MLIST
	http://www.debian.org/security/2012/dsa-2527	vendor-advisoryx_refsource_DEBIAN
	http://www.php.net/ChangeLog-5.php	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/08/02/3	mailing-listx_refsource_MLIST
	https://bugs.php.net/bug.php?id=61755	x_refsource_CONFIRM
	http://seclists.org/bugtraq/2012/Jun/60	mailing-listx_refsource_BUGTRAQ
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.ubuntu.com/usn/USN-1569-1	vendor-advisoryx_refsource_UBUNTU
	https://bugzilla.novell.com/show_bug.cgi?id=769785	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
          },
          {
            "name": "DSA-2527",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2527"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php"
          },
          {
            "name": "[oss-security] 20120802 CVE Request: php5 pdo array overread/crash",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=61755"
          },
          {
            "name": "20120610 [php\u003c=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2012/Jun/60"
          },
          {
            "name": "MDVSA-2012:108",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
          },
          {
            "name": "USN-1569-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1569-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
          },
          {
            "name": "SUSE-SU-2012:1033",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-07T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
        },
        {
          "name": "DSA-2527",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2527"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php"
        },
        {
          "name": "[oss-security] 20120802 CVE Request: php5 pdo array overread/crash",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=61755"
        },
        {
          "name": "20120610 [php\u003c=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2012/Jun/60"
        },
        {
          "name": "MDVSA-2012:108",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
        },
        {
          "name": "USN-1569-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1569-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
        },
        {
          "name": "SUSE-SU-2012:1033",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3450",
    "datePublished": "2012-08-06T16:00:00",
    "dateReserved": "2012-06-14T00:00:00",
    "dateUpdated": "2024-08-06T20:05:12.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.3.13\", \"matchCriteriaId\": \"AFD98294-887F-4D33-8AF1-783B0DE43234\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EF4B938-BB14-4C06-BEE9-10CA755C5DEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"981C922C-7A7D-473E-8C43-03AB62FB5B8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0F40E4A-E125-4099-A8B3-D42614AA9312\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4933D9DD-A630-4A3D-9D13-9E182F5F6F8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9E6D530-91FC-42F4-A427-6601238E0187\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC938DB-E066-407F-BDF8-61A1C41136F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACDF768D-7F5A-4042-B7DD-398F65F3F094\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AF35BB6-C6B1-4683-A8BE-AA72CC34F5B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC3F1891-032D-409C-904C-A415D2323DFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B13826D-06B2-4A46-AB24-092F6935958D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B6528FC-51BE-4E30-B282-D9841553BA26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66CF9452-6225-4726-822B-C7CD620A1D6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7B9B8D2-78B7-4B17-955B-741C7A6F6634\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CA2A940-BD69-4D35-AF12-432CB929248B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29BD13F9-86C8-44C4-A860-9A87870A518E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B361FDE-9F6A-4E9A-96F1-619DC56EECB6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.\"}, {\"lang\": \"es\", \"value\": \"pdo_sql_parser.re en la extensi\\u00f3n PDO en PHP anteriores a v5.3.14 y v5.4.x anterior a v5.4.4 no determina de forma adecuada el final de la cadena en la petici\\u00f3n durante un an\\u00e1lisis sint\\u00e1ctico de estructuras preparadas, lo que permite a atacantes remotos a provocar una denegaci\\u00f3n de servicio (lectura fuera de los l\\u00edmites y ca\\u00edda de la aplicaci\\u00f3n)a trav\\u00e9s de un valor en el par\\u00e1metro manipulado.\"}]",
      "id": "CVE-2012-3450",
      "lastModified": "2024-11-21T01:40:54.120",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-08-06T16:55:05.963",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/bugtraq/2012/Jun/60\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2012/dsa-2527\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:108\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/08/02/3\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/08/02/7\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.php.net/ChangeLog-5.php\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1569-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugs.php.net/bug.php?id=61755\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.novell.com/show_bug.cgi?id=769785\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/bugtraq/2012/Jun/60\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2012/dsa-2527\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:108\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/08/02/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/08/02/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.php.net/ChangeLog-5.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1569-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.php.net/bug.php?id=61755\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.novell.com/show_bug.cgi?id=769785\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-3450\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-08-06T16:55:05.963\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.\"},{\"lang\":\"es\",\"value\":\"pdo_sql_parser.re en la extensi\u00f3n PDO en PHP anteriores a v5.3.14 y v5.4.x anterior a v5.4.4 no determina de forma adecuada el final de la cadena en la petici\u00f3n durante un an\u00e1lisis sint\u00e1ctico de estructuras preparadas, lo que permite a atacantes remotos a provocar una denegaci\u00f3n de servicio (lectura fuera de los l\u00edmites y ca\u00edda de la aplicaci\u00f3n)a trav\u00e9s de un valor en el par\u00e1metro manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.3.13\",\"matchCriteriaId\":\"AFD98294-887F-4D33-8AF1-783B0DE43234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EF4B938-BB14-4C06-BEE9-10CA755C5DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"981C922C-7A7D-473E-8C43-03AB62FB5B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0F40E4A-E125-4099-A8B3-D42614AA9312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4933D9DD-A630-4A3D-9D13-9E182F5F6F8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E6D530-91FC-42F4-A427-6601238E0187\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC938DB-E066-407F-BDF8-61A1C41136F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACDF768D-7F5A-4042-B7DD-398F65F3F094\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AF35BB6-C6B1-4683-A8BE-AA72CC34F5B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC3F1891-032D-409C-904C-A415D2323DFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B13826D-06B2-4A46-AB24-092F6935958D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B6528FC-51BE-4E30-B282-D9841553BA26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66CF9452-6225-4726-822B-C7CD620A1D6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7B9B8D2-78B7-4B17-955B-741C7A6F6634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CA2A940-BD69-4D35-AF12-432CB929248B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29BD13F9-86C8-44C4-A860-9A87870A518E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B361FDE-9F6A-4E9A-96F1-619DC56EECB6\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/bugtraq/2012/Jun/60\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2527\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:108\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/08/02/3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/08/02/7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.php.net/ChangeLog-5.php\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1569-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugs.php.net/bug.php?id=61755\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=769785\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/bugtraq/2012/Jun/60\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/08/02/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/08/02/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.php.net/ChangeLog-5.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1569-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.php.net/bug.php?id=61755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=769785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2012-3450

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-3450

Aliases

CVE-2012-3450

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-3450",
    "description": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.",
    "id": "GSD-2012-3450",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-3450.html",
      "https://www.debian.org/security/2012/dsa-2527"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-3450"
      ],
      "details": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.",
      "id": "GSD-2012-3450",
      "modified": "2023-12-13T01:20:21.172846Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-3450",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.php.net/ChangeLog-5.php",
            "refsource": "MISC",
            "url": "http://www.php.net/ChangeLog-5.php"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
          },
          {
            "name": "http://seclists.org/bugtraq/2012/Jun/60",
            "refsource": "MISC",
            "url": "http://seclists.org/bugtraq/2012/Jun/60"
          },
          {
            "name": "http://www.debian.org/security/2012/dsa-2527",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2012/dsa-2527"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/08/02/3",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/08/02/7",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1569-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1569-1"
          },
          {
            "name": "https://bugs.php.net/bug.php?id=61755",
            "refsource": "MISC",
            "url": "https://bugs.php.net/bug.php?id=61755"
          },
          {
            "name": "https://bugzilla.novell.com/show_bug.cgi?id=769785",
            "refsource": "MISC",
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.13",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-3450"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20120610 [php\u003c=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://seclists.org/bugtraq/2012/Jun/60"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.php.net/ChangeLog-5.php"
            },
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=769785",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=61755",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugs.php.net/bug.php?id=61755"
            },
            {
              "name": "DSA-2527",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2527"
            },
            {
              "name": "SUSE-SU-2012:1033",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
            },
            {
              "name": "[oss-security] 20120802 CVE Request: php5 pdo array overread/crash",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
            },
            {
              "name": "[oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
            },
            {
              "name": "USN-1569-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1569-1"
            },
            {
              "name": "MDVSA-2012:108",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-04-19T03:23Z",
      "publishedDate": "2012-08-06T16:55Z"
    }
  }
}

FKIE_CVE-2012-3450

Vulnerability from fkie_nvd - Published: 2012-08-06 16:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html
	secalert@redhat.com	http://seclists.org/bugtraq/2012/Jun/60
	secalert@redhat.com	http://www.debian.org/security/2012/dsa-2527
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:108
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/02/3
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/02/7
	secalert@redhat.com	http://www.php.net/ChangeLog-5.php
	secalert@redhat.com	http://www.ubuntu.com/usn/USN-1569-1
	secalert@redhat.com	https://bugs.php.net/bug.php?id=61755
	secalert@redhat.com	https://bugzilla.novell.com/show_bug.cgi?id=769785
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/bugtraq/2012/Jun/60
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2527
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:108
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/02/3
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/02/7
	af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/ChangeLog-5.php
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1569-1
	af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=61755
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.novell.com/show_bug.cgi?id=769785

Impacted products

Vendor	Product	Version
php	php	*
php	php	5.3.0
php	php	5.3.1
php	php	5.3.2
php	php	5.3.3
php	php	5.3.4
php	php	5.3.5
php	php	5.3.6
php	php	5.3.7
php	php	5.3.8
php	php	5.3.9
php	php	5.3.10
php	php	5.3.11
php	php	5.3.12
php	php	5.4.0
php	php	5.4.1
php	php	5.4.2
php	php	5.4.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD98294-887F-4D33-8AF1-783B0DE43234",
              "versionEndIncluding": "5.3.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF4B938-BB14-4C06-BEE9-10CA755C5DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "981C922C-7A7D-473E-8C43-03AB62FB5B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F40E4A-E125-4099-A8B3-D42614AA9312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4933D9DD-A630-4A3D-9D13-9E182F5F6F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E6D530-91FC-42F4-A427-6601238E0187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC938DB-E066-407F-BDF8-61A1C41136F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACDF768D-7F5A-4042-B7DD-398F65F3F094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF35BB6-C6B1-4683-A8BE-AA72CC34F5B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3F1891-032D-409C-904C-A415D2323DFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B13826D-06B2-4A46-AB24-092F6935958D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6528FC-51BE-4E30-B282-D9841553BA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66CF9452-6225-4726-822B-C7CD620A1D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7B9B8D2-78B7-4B17-955B-741C7A6F6634",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA2A940-BD69-4D35-AF12-432CB929248B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "29BD13F9-86C8-44C4-A860-9A87870A518E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B361FDE-9F6A-4E9A-96F1-619DC56EECB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value."
    },
    {
      "lang": "es",
      "value": "pdo_sql_parser.re en la extensi\u00f3n PDO en PHP anteriores a v5.3.14 y v5.4.x anterior a v5.4.4 no determina de forma adecuada el final de la cadena en la petici\u00f3n durante un an\u00e1lisis sint\u00e1ctico de estructuras preparadas, lo que permite a atacantes remotos a provocar una denegaci\u00f3n de servicio (lectura fuera de los l\u00edmites y ca\u00edda de la aplicaci\u00f3n)a trav\u00e9s de un valor en el par\u00e1metro manipulado."
    }
  ],
  "id": "CVE-2012-3450",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-06T16:55:05.963",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/bugtraq/2012/Jun/60"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2527"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1569-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.php.net/bug.php?id=61755"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/bugtraq/2012/Jun/60"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1569-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.php.net/bug.php?id=61755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2012-AVI-430

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités ont été corrigées dans PHP. La première concerne un débordement de mémoire tampon dans la fonction _php_stream_scandir. La deuxième provoque un déni de service à distance au moyen de la fonction pdo_sql_parser.re.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	N/A	versions antérieures à 5.3.15 pour la brache 5.3.
	PHP	N/A	Versions antérieures à 5.4.4 pour la branche 5.4 ;

References

Title

Publication Time

Tags

Notes de version PHP du 19 juillet 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "versions ant\u00e9rieures \u00e0 5.3.15 pour la brache 5.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 5.4.4 pour la branche 5.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2688"
    },
    {
      "name": "CVE-2012-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3450"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-430",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHP\u003c/span\u003e. La premi\u00e8re concerne un d\u00e9bordement de\nm\u00e9moire tampon dans la fonction \u003cspan\nclass=\"textit\"\u003e\\_php_stream_scandir\u003c/span\u003e. La deuxi\u00e8me provoque un d\u00e9ni\nde service \u00e0 distance au moyen de la fonction \u003cspan\nclass=\"textit\"\u003epdo_sql_parser.re\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de version PHP du 19 juillet 2012",
      "url": "http://www.php.net/ChangeLog-5.php"
    }
  ]
}

CERTA-2012-AVI-430

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	N/A	versions antérieures à 5.3.15 pour la brache 5.3.
	PHP	N/A	Versions antérieures à 5.4.4 pour la branche 5.4 ;

References

Title

Publication Time

Tags

Notes de version PHP du 19 juillet 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "versions ant\u00e9rieures \u00e0 5.3.15 pour la brache 5.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 5.4.4 pour la branche 5.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2688"
    },
    {
      "name": "CVE-2012-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3450"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-430",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHP\u003c/span\u003e. La premi\u00e8re concerne un d\u00e9bordement de\nm\u00e9moire tampon dans la fonction \u003cspan\nclass=\"textit\"\u003e\\_php_stream_scandir\u003c/span\u003e. La deuxi\u00e8me provoque un d\u00e9ni\nde service \u00e0 distance au moyen de la fonction \u003cspan\nclass=\"textit\"\u003epdo_sql_parser.re\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de version PHP du 19 juillet 2012",
      "url": "http://www.php.net/ChangeLog-5.php"
    }
  ]
}

GHSA-72H2-MX43-37V5

Vulnerability from github – Published: 2022-05-17 05:11 – Updated: 2022-05-17 05:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-3450"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-08-06T16:55:00Z",
    "severity": "LOW"
  },
  "details": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.",
  "id": "GHSA-72h2-mx43-37v5",
  "modified": "2022-05-17T05:11:18Z",
  "published": "2022-05-17T05:11:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3450"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=61755"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2012/Jun/60"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2527"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1569-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-3450 (GCVE-0-2012-3450)

GSD-2012-3450

FKIE_CVE-2012-3450

CERTA-2012-AVI-430

Solution

CERTA-2012-AVI-430

Solution

GHSA-72H2-MX43-37V5

Tags

Sightings

Nomenclature