CVE-2012-0830

Published: 06 February 2012

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Priority

Status

Package	Release	Status
php5 Launchpad, Ubuntu, Debian	Upstream	Released (5.3.10-1)

Notes

Author	Note
tyhicks	Introduced by the fix for CVE-2011-4885

References

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0830

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading