Lucene search

K
cve[email protected]CVE-2012-3450
HistoryAug 06, 2012 - 4:55 p.m.

CVE-2012-3450

2012-08-0616:55:05
web.nvd.nist.gov
99
4
php
pdo extension
cve-2012-3450
security vulnerability
remote attack
denial of service

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.062 Low

EPSS

Percentile

93.6%

pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.

Affected configurations

NVD
Node
phpphpRange5.3.13
OR
phpphpMatch5.3.0
OR
phpphpMatch5.3.1
OR
phpphpMatch5.3.2
OR
phpphpMatch5.3.3
OR
phpphpMatch5.3.4
OR
phpphpMatch5.3.5
OR
phpphpMatch5.3.6
OR
phpphpMatch5.3.7
OR
phpphpMatch5.3.8
OR
phpphpMatch5.3.9
OR
phpphpMatch5.3.10
OR
phpphpMatch5.3.11
OR
phpphpMatch5.3.12
OR
phpphpMatch5.4.0
OR
phpphpMatch5.4.1
OR
phpphpMatch5.4.2
OR
phpphpMatch5.4.3

Social References

More

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.062 Low

EPSS

Percentile

93.6%