CVE-2012-0788

Published: 20 January 2012

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Priority

Status

Package	Release	Status
php5 Launchpad, Ubuntu, Debian	Upstream	Released (5.3.9)






	Patches: Upstream: http://svn.php.net/viewvc?view=revision&revision=317272

References

Bugs

https://bugs.php.net/bug.php?id=55776

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading