CVE-2012-3450 (GCVE-0-2012-3450)

Vulnerability from cvelistv5 – Published: 2012-08-06 16:00 – Updated: 2024-08-06 20:05
VLAI
Summary
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.openwall.com/lists/oss-security/2012/08/02/7 mailing-listx_refsource_MLIST
http://www.debian.org/security/2012/dsa-2527 vendor-advisoryx_refsource_DEBIAN
http://www.php.net/ChangeLog-5.php x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2012/08/02/3 mailing-listx_refsource_MLIST
https://bugs.php.net/bug.php?id=61755 x_refsource_CONFIRM
http://seclists.org/bugtraq/2012/Jun/60 mailing-listx_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.ubuntu.com/usn/USN-1569-1 vendor-advisoryx_refsource_UBUNTU
https://bugzilla.novell.com/show_bug.cgi?id=769785 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
Date Public
2012-06-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
          },
          {
            "name": "DSA-2527",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2527"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php"
          },
          {
            "name": "[oss-security] 20120802 CVE Request: php5 pdo array overread/crash",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=61755"
          },
          {
            "name": "20120610 [php\u003c=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2012/Jun/60"
          },
          {
            "name": "MDVSA-2012:108",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
          },
          {
            "name": "USN-1569-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1569-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
          },
          {
            "name": "SUSE-SU-2012:1033",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-07T09:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
        },
        {
          "name": "DSA-2527",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2527"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php"
        },
        {
          "name": "[oss-security] 20120802 CVE Request: php5 pdo array overread/crash",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=61755"
        },
        {
          "name": "20120610 [php\u003c=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2012/Jun/60"
        },
        {
          "name": "MDVSA-2012:108",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
        },
        {
          "name": "USN-1569-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1569-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
        },
        {
          "name": "SUSE-SU-2012:1033",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3450",
    "datePublished": "2012-08-06T16:00:00.000Z",
    "dateReserved": "2012-06-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:05:12.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2012-3450",
      "date": "2026-05-27",
      "epss": "0.12383",
      "percentile": "0.9399"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.3.13\", \"matchCriteriaId\": \"AFD98294-887F-4D33-8AF1-783B0DE43234\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EF4B938-BB14-4C06-BEE9-10CA755C5DEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"981C922C-7A7D-473E-8C43-03AB62FB5B8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0F40E4A-E125-4099-A8B3-D42614AA9312\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4933D9DD-A630-4A3D-9D13-9E182F5F6F8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9E6D530-91FC-42F4-A427-6601238E0187\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC938DB-E066-407F-BDF8-61A1C41136F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACDF768D-7F5A-4042-B7DD-398F65F3F094\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AF35BB6-C6B1-4683-A8BE-AA72CC34F5B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC3F1891-032D-409C-904C-A415D2323DFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B13826D-06B2-4A46-AB24-092F6935958D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B6528FC-51BE-4E30-B282-D9841553BA26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66CF9452-6225-4726-822B-C7CD620A1D6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7B9B8D2-78B7-4B17-955B-741C7A6F6634\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CA2A940-BD69-4D35-AF12-432CB929248B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29BD13F9-86C8-44C4-A860-9A87870A518E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B361FDE-9F6A-4E9A-96F1-619DC56EECB6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.\"}, {\"lang\": \"es\", \"value\": \"pdo_sql_parser.re en la extensi\\u00f3n PDO en PHP anteriores a v5.3.14 y v5.4.x anterior a v5.4.4 no determina de forma adecuada el final de la cadena en la petici\\u00f3n durante un an\\u00e1lisis sint\\u00e1ctico de estructuras preparadas, lo que permite a atacantes remotos a provocar una denegaci\\u00f3n de servicio (lectura fuera de los l\\u00edmites y ca\\u00edda de la aplicaci\\u00f3n)a trav\\u00e9s de un valor en el par\\u00e1metro manipulado.\"}]",
      "id": "CVE-2012-3450",
      "lastModified": "2024-11-21T01:40:54.120",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-08-06T16:55:05.963",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/bugtraq/2012/Jun/60\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2012/dsa-2527\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:108\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/08/02/3\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/08/02/7\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.php.net/ChangeLog-5.php\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1569-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugs.php.net/bug.php?id=61755\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.novell.com/show_bug.cgi?id=769785\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/bugtraq/2012/Jun/60\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2012/dsa-2527\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:108\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/08/02/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/08/02/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.php.net/ChangeLog-5.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1569-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.php.net/bug.php?id=61755\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.novell.com/show_bug.cgi?id=769785\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-3450\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-08-06T16:55:05.963\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.\"},{\"lang\":\"es\",\"value\":\"pdo_sql_parser.re en la extensi\u00f3n PDO en PHP anteriores a v5.3.14 y v5.4.x anterior a v5.4.4 no determina de forma adecuada el final de la cadena en la petici\u00f3n durante un an\u00e1lisis sint\u00e1ctico de estructuras preparadas, lo que permite a atacantes remotos a provocar una denegaci\u00f3n de servicio (lectura fuera de los l\u00edmites y ca\u00edda de la aplicaci\u00f3n)a trav\u00e9s de un valor en el par\u00e1metro manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.3.13\",\"matchCriteriaId\":\"AFD98294-887F-4D33-8AF1-783B0DE43234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EF4B938-BB14-4C06-BEE9-10CA755C5DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"981C922C-7A7D-473E-8C43-03AB62FB5B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0F40E4A-E125-4099-A8B3-D42614AA9312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4933D9DD-A630-4A3D-9D13-9E182F5F6F8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E6D530-91FC-42F4-A427-6601238E0187\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC938DB-E066-407F-BDF8-61A1C41136F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACDF768D-7F5A-4042-B7DD-398F65F3F094\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AF35BB6-C6B1-4683-A8BE-AA72CC34F5B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC3F1891-032D-409C-904C-A415D2323DFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B13826D-06B2-4A46-AB24-092F6935958D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B6528FC-51BE-4E30-B282-D9841553BA26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66CF9452-6225-4726-822B-C7CD620A1D6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7B9B8D2-78B7-4B17-955B-741C7A6F6634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CA2A940-BD69-4D35-AF12-432CB929248B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29BD13F9-86C8-44C4-A860-9A87870A518E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B361FDE-9F6A-4E9A-96F1-619DC56EECB6\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/bugtraq/2012/Jun/60\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2527\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:108\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/08/02/3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/08/02/7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.php.net/ChangeLog-5.php\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1569-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugs.php.net/bug.php?id=61755\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=769785\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/bugtraq/2012/Jun/60\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/08/02/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/08/02/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.php.net/ChangeLog-5.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1569-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.php.net/bug.php?id=61755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=769785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.