CVE-2012-0788

Published: 20 January 2012

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Priority

Status

Package	Release	Status
php5 Launchpad, Ubuntu, Debian	Upstream	Released (5.3.9)






	Patches: Upstream: http://svn.php.net/viewvc?view=revision&revision=317272

References

Bugs

https://bugs.php.net/bug.php?id=55776

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading