CVE-2012-3450

Published: 06/08/2012 Updated: 19/04/2013
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

pdo_sql_parser.re in the PDO extension in PHP prior to 5.3.14 and 5.4.x prior to 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.

Vulnerable Product

php php 5.3.11

php php 5.3.4

php php 5.3.9

php php 5.3.2

php php 5.3.12

php php 5.3.8

php php 5.3.6

php php 5.3.5

php php 5.4.2

php php 5.4.3

php php 5.3.1

php php 5.3.7

php php 5.4.0

php php 5.4.1

php php 5.3.3

php php 5.3.0

php php 5.3.10

php php

Vendor Advisories

Debian Bug report logs - #683694: php5: CVE-2012-3450: pdo array overread/crash. Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5. Reported by: Henri Salo <henri@nerv.fi>. Date: Thu, 2 Aug 2012 21:33:01 UTC. Severity: ...

Several security issues were fixed in PHP ...

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-2688: A buffer overflow in the scandir() function could lead to denial of service or the execution of arbitrary code. CVE-2012-3450: It was discovered that inconsistent p ...

Exploits

source: www.securityfocus.com/bid/54777/info

PHP is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the web server to crash, denying service to legitimate users. PHP 5.4.3 is vulnerable; other versions may also be affected.

<?php try { $db = new PDO('mysql:host=localhost;dbname=aws', " ...