Vulnerability identifier: #VU43771
Vulnerability risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
PHP
Universal components / Libraries /
Scripting languages
Vendor: PHP Group
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
Mitigation
Install update from vendor's website.
Vulnerable software versions
PHP: 5.3.0 - 5.3.12, 5.4.0 - 5.4.3
External links
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html
http://seclists.org/bugtraq/2012/Jun/60
http://www.debian.org/security/2012/dsa-2527
http://www.mandriva.com/security/advisories?name=MDVSA-2012:108
http://www.openwall.com/lists/oss-security/2012/08/02/3
http://www.openwall.com/lists/oss-security/2012/08/02/7
http://www.php.net/ChangeLog-5.php
http://www.ubuntu.com/usn/USN-1569-1
http://bugs.php.net/bug.php?id=61755
http://bugzilla.novell.com/show_bug.cgi?id=769785
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.