Description

pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.

Remediation

References

CVE-2012-3450

Related Vulnerabilities

WordPress Plugin WP Media Cleaner Multiple Cross-Site Scripting Vulnerabilities (2.2.6)

WordPress Plugin EU Cookie Law for GDPR/CCPA Cross-Site Scripting (3.0.6)

WordPress Plugin Imsanity Unspecified Vulnerability (2.3.3)

MediaWiki Other Vulnerability (CVE-2021-36126)

Next.js Acceptance of Extraneous Untrusted Data With Trusted Data Vulnerability (CVE-2026-44572)

Severity

Low

Classification

CVE-2012-3450

Tags

Missing Update Known Vulnerabilities