Lucene search

[email protected]CVE-2012-3450

HistoryAug 06, 2012 - 4:55 p.m.

CVE-2012-3450

2012-08-0616:55:05

[email protected]

web.nvd.nist.gov

102

php

pdo extension

cve-2012-3450

security vulnerability

remote attack

denial of service

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.062

Percentile

93.6%

JSON

pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.

Affected configurations

NVD

Node

phpphpRange≤5.3.13

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

phpphpMatch5.3.3

phpphpMatch5.3.4

phpphpMatch5.3.5

phpphpMatch5.3.6

phpphpMatch5.3.7

phpphpMatch5.3.8

phpphpMatch5.3.9

phpphpMatch5.3.10

phpphpMatch5.3.11

phpphpMatch5.3.12

phpphpMatch5.4.0

phpphpMatch5.4.1

phpphpMatch5.4.2

phpphpMatch5.4.3

VendorProductVersionCPE
phpphp5.4.3cpe:/a:php:php:5.4.3:::
phpphp5.4.0cpe:/a:php:php:5.4.0:::
phpphp5.3.1cpe:/a:php:php:5.3.1:::
phpphp5.4.2cpe:/a:php:php:5.4.2:::
phpphpcpe:/a:php:php::::
phpphp5.3.5cpe:/a:php:php:5.3.5:::
phpphp5.3.6cpe:/a:php:php:5.3.6:::
phpphp5.3.7cpe:/a:php:php:5.3.7:::
phpphp5.3.12cpe:/a:php:php:5.3.12:::
phpphp5.3.4cpe:/a:php:php:5.3.4:::

Vendor	Product	Version	CPE
php	php	5.4.3	cpe:/a:php:php:5.4.3:::
php	php	5.4.0	cpe:/a:php:php:5.4.0:::
php	php	5.3.1	cpe:/a:php:php:5.3.1:::
php	php	5.4.2	cpe:/a:php:php:5.4.2:::
php	php		cpe:/a:php:php::::
php	php	5.3.5	cpe:/a:php:php:5.3.5:::
php	php	5.3.6	cpe:/a:php:php:5.3.6:::
php	php	5.3.7	cpe:/a:php:php:5.3.7:::
php	php	5.3.12	cpe:/a:php:php:5.3.12:::
php	php	5.3.4	cpe:/a:php:php:5.3.4:::