CVE-2012-0781
published 2012-01-18CVE-2012-0781: The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted…
PriorityP426medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
10.77%
95.3th percentile
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2012-06-19·CVSS 5.0
CVE-2012-0781 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled certain Tidy::diagnose
operations on invalid objects. A remote attacker could use this flaw to
cause PHP to crash, leading to a denial of service. (CVE-2012-0781)
It was discovered that PHP incorrectly handled certain multi-file upload
filenames. A remote attacker could use this flaw to cause a denial of
service, or to perform a directory traversal attack. (CVE-2012-1172)
Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain
Unicode characters in passwords passed to the crypt() function. A remote
attacker could possibly use this flaw to bypass authentication.
(CVE-2012-2143)
It was discovered that a Debian/Ubuntu specific patch caused PHP
Red Hat
php: tidy_diagnose() NULL pointer dereference may cause DoS
vendor_redhat·2012-01-10·CVSS 5.0
CVE-2012-0781 [MEDIUM] CWE-476 php: tidy_diagnose() NULL pointer dereference may cause DoS
php: tidy_diagnose() NULL pointer dereference may cause DoS
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
Package: php (Red Hat Enterprise Linux 4) - Not affected
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
GHSA
GHSA-929c-4vcv-4rrx: The tidy_diagnose function in PHP 5
ghsa_unreviewed·2022-05-14·CVSS 5.0
CVE-2012-0781 [MEDIUM] GHSA-929c-4vcv-4rrx: The tidy_diagnose function in PHP 5
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
No detection rules found.
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.htmlhttp://cxsecurity.com/research/103http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.htmlhttp://secunia.com/advisories/48668http://www.exploit-db.com/exploits/18370/http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.htmlhttp://cxsecurity.com/research/103http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.htmlhttp://secunia.com/advisories/48668http://www.exploit-db.com/exploits/18370/
2012-01-18
Published