What is CVE-2012-2329?

CVE-2012-2329 is a vulnerability in Php, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-05-11.

Is CVE-2012-2329 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Php

CVE-2012-2329

Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.

Vulnerability class: Buffer Overflow

EPSS: 0.796 (99.1th percentile) — read the EPSS interpretation.

Affected products

Php — versions 5.4.0, 5.4.1, 5.4.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

secalert@redhat.com (x_refsource_CONFIRM)
php-apacherequestheaders-bo(75545) (vdb-entry, x_refsource_XF)
49014 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM)
53455 (vdb-entry, x_refsource_BID)
SSRT100992 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2012-2329?: CVE-2012-2329 is a vulnerability in Php, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-05-11.
Is CVE-2012-2329 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.