MidnightBSD

Advisories for hardened-php

CVE-2012-0807 MEDIUM

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hardened-php suhosin 0.9.6.1
hardened-php suhosin 0.9.17
hardened-php suhosin 0.9.28
hardened-php suhosin 0.9.10
hardened-php suhosin 0.9.24
hardened-php suhosin 0.9.26
hardened-php suhosin 0.9.4
hardened-php suhosin 0.9.21
hardened-php suhosin 0.9.7
hardened-php suhosin 0.9.11
hardened-php suhosin 0.9.20
hardened-php suhosin 0.9.1
hardened-php suhosin 0.9.18
hardened-php suhosin 0.9.6.3
hardened-php suhosin 0.9.9
hardened-php suhosin 0.9.2
hardened-php suhosin 0.9.6.2
hardened-php suhosin 0.9.19
hardened-php suhosin 0.9.16
hardened-php suhosin 0.9.27
hardened-php suhosin 0.9.0
hardened-php suhosin 0.9.12
hardened-php suhosin 0.9.8
hardened-php suhosin 0.9.5
hardened-php suhosin 0.9.14
hardened-php suhosin 0.9.29
hardened-php suhosin 0.9.9.1
hardened-php suhosin 0.9.13
hardened-php suhosin 0.9.6
hardened-php suhosin 0.9.3
hardened-php suhosin 0.9.22
hardened-php suhosin *
hardened-php suhosin 0.9.15
hardened-php suhosin 0.9.25
hardened-php suhosin 0.9.30
hardened-php suhosin 0.9.23