Launchpad CVE tracker

CVE 2012-0830

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Related bugs and status

CVE-2012-0830 (Candidate) is related to these bugs:

Bug #910296: Please backport the upstream patch to prevent attacks based on hash collisions

		In	Importance	Status
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Lucid)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Oneiric)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Maverick)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Hardy)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Natty)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Precise)	Medium	Fix Released

Bug #925772: UPDATE REQUEST: php53u 5.3.10 is available upstream

Summary				In	Importance	Status
	925772	UPDATE REQUEST: php53u 5.3.10 is available upstream		IUS Community Project	Undecided	Fix Released
	925772	UPDATE REQUEST: php53u 5.3.10 is available upstream		php5 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-0830

References