CVE-2012-0789

Advisory lineage Upstream: 0 Downstream: 3

Downstream

RHSA-2012:1045 RHSA-2012:1046 RHSA-2012:1047

Modified

Published: 14 Feb 2012, 15:00

Last modified:06 Aug 2024, 18:38

Vulnerability Summary

Overall Risk (default)

medium

32/100

CVSS Score

5 MEDIUM

v2.0 (nvd)

EPSS Score

7.54% LOW

8% probability -0.33%

KEV

Not listed

Ransomware

No reports

Public exploits

3 found

Dark Web

Not detected

Timeline

14 Feb 2012, 15:00

Published

Vulnerability first disclosed

06 Aug 2024, 18:38

Last Modified

Vulnerability information updated

Description

Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.

CVSS Metrics

v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 7.54%• Percentile: 92%

Techniques & Countermeasures

CWE-399•Resource Management Errors
Weaknesses in this category are related to improper management of system resources.

Affected Systems

Unknown•PHP
≤ 5.3.8 | 5.0.0 | 5.0.0:beta1 | 5.0.0:beta2 | 5.0.0:beta3 | 5.0.0:beta4 | 5.0.0:rc1 | 5.0.0:rc2 | 5.0.0:rc3 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.5 | 5.1.6 | 5.2.0 | 5.2.1 | 5.2.2 | 5.2.3 | 5.2.4 | 5.2.5 | 5.2.6 | 5.2.7 | 5.2.8 | 5.2.9 | 5.2.10 | 5.2.11 | 5.2.12 | 5.2.14 | 5.2.15 | 5.2.16 | 5.2.17 | 5.3.0 | 5.3.1 | 5.3.2 | 5.3.3 | 5.3.4 | 5.3.5 | 5.3.6 | 5.3.7