Description
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
Remediation
References