CVE-2012-0807

Suhosin < 0.9.33 - Stack-Based Buffer Overflow via Long Set-Cookie Header

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.

References (9)

Core 9
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=783350
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/24/11
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/24/7
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48668

Scores

EPSS 0.0351
EPSS Percentile 87.8%

Details

CWE
CWE-119
Status published
Products (37)
hardened-php/suhosin (2 CPE variants)
hardened-php/suhosin 0.9.0
hardened-php/suhosin 0.9.1
hardened-php/suhosin 0.9.2
hardened-php/suhosin 0.9.3
hardened-php/suhosin 0.9.4
hardened-php/suhosin 0.9.5
hardened-php/suhosin 0.9.6
hardened-php/suhosin 0.9.6.1
hardened-php/suhosin 0.9.6.2
... and 27 more
Published Jan 27, 2012
Tracked Since Feb 18, 2026