Unrated severity · NVD Advisory · Published Aug 6, 2012 · Updated Jun 16, 2026
CVE-2012-3450
Description
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
Affected products
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:* (range: <=5.3.13)
- cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*
- (no CPE) range: <5.3.14, <5.4.4
References
- lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html (nvd)
- seclists.org/bugtraq/2012/Jun/60 (nvd)
- www.debian.org/security/2012/dsa-2527 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.openwall.com/lists/oss-security/2012/08/02/3 (nvd)
- www.openwall.com/lists/oss-security/2012/08/02/7 (nvd)
- www.php.net/ChangeLog-5.php (nvd)
- www.ubuntu.com/usn/USN-1569-1 (nvd)
- bugs.php.net/bug.php (nvd)
- bugzilla.novell.com/show_bug.cgi (nvd)