CVE-2012-0788
Priority
Medium
Description
The PDORow implementation in PHP before 5.3.9 does not properly interact
with the session feature, which allows remote attackers to cause a denial
of service (application crash) via a crafted application that uses a PDO
driver for a fetch and then calls the session_start function, as
demonstrated by a crash of the Apache HTTP Server.
with the session feature, which allows remote attackers to cause a denial
of service (application crash) via a crafted application that uses a PDO
driver for a fetch and then calls the session_start function, as
demonstrated by a crash of the Apache HTTP Server.
References
Package
| Upstream: | released (5.3.9) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (5.2.4-2ubuntu5.22) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (5.3.2-1ubuntu4.13) |
| Ubuntu 11.04 (Natty Narwhal): | released (5.3.5-1ubuntu7.6) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (5.3.6-13ubuntu3.5) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (5.3.10-1ubuntu1) |
Patches:
| Upstream: | http://svn.php.net/viewvc?view=revision&revision=317272 |