CVE-2012-0789
published 2012-02-14CVE-2012-0789: Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many…
PriorityP429medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
8.26%
94.2th percentile
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.3.8 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
php: strtotime timezone memory leak
vendor_redhat·2012-01-11·CVSS 5.0
CVE-2012-0789 [MEDIUM] CWE-401 php: strtotime timezone memory leak
php: strtotime timezone memory leak
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
Package: php (Red Hat Enterprise Linux 4) - Will not fix
GHSA
GHSA-q63r-5v5h-328m: Memory leak in the timezone functionality in PHP before 5
ghsa_unreviewed·2022-05-14
CVE-2012-0789 [MEDIUM] GHSA-q63r-5v5h-328m: Memory leak in the timezone functionality in PHP before 5
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
No detection rules found.
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.htmlhttp://secunia.com/advisories/48668http://www.php.net/ChangeLog-5.php#5.3.9https://bugs.php.net/bug.php?id=53502https://bugzilla.redhat.com/show_bug.cgi?id=783609http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.htmlhttp://secunia.com/advisories/48668http://www.php.net/ChangeLog-5.php#5.3.9https://bugs.php.net/bug.php?id=53502https://bugzilla.redhat.com/show_bug.cgi?id=783609
2012-02-14
Published