CVE-2012-0807

Name: CVE-2012-0807
Creator: NVD / NIST
Published: 2012-01-27T00:55:01.297+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.51%

Last modified Jun 16, 2026

CVE-2012-0807 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.. EPSS estimates a 3.51% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.

Metrics

EPSS Probability

3.51%

87.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Hardened-Php	Suhosin	All versions	Beta 2006.09.07
Hardened-Php	Suhosin	<= 0.9.31	—
Hardened-Php	Suhosin	0.9.0	—
Hardened-Php	Suhosin	0.9.1	—
Hardened-Php	Suhosin	0.9.2	—
Hardened-Php	Suhosin	0.9.3	—
Hardened-Php	Suhosin	0.9.4	—
Hardened-Php	Suhosin	0.9.5	—
Hardened-Php	Suhosin	0.9.6	—
Hardened-Php	Suhosin	0.9.6.1	—
Hardened-Php	Suhosin	0.9.6.2	—
Hardened-Php	Suhosin	0.9.6.3	—
Hardened-Php	Suhosin	0.9.7	—
Hardened-Php	Suhosin	0.9.8	—
Hardened-Php	Suhosin	0.9.9	—
Hardened-Php	Suhosin	0.9.9.1	—
Hardened-Php	Suhosin	0.9.10	—
Hardened-Php	Suhosin	0.9.11	—
Hardened-Php	Suhosin	0.9.12	—
Hardened-Php	Suhosin	0.9.13	—
Hardened-Php	Suhosin	0.9.14	—
Hardened-Php	Suhosin	0.9.15	—
Hardened-Php	Suhosin	0.9.16	—
Hardened-Php	Suhosin	0.9.17	—
Hardened-Php	Suhosin	0.9.18	—
Hardened-Php	Suhosin	0.9.19	—
Hardened-Php	Suhosin	0.9.20	—
Hardened-Php	Suhosin	0.9.21	—
Hardened-Php	Suhosin	0.9.22	—
Hardened-Php	Suhosin	0.9.23	—
Hardened-Php	Suhosin	0.9.24	—
Hardened-Php	Suhosin	0.9.25	—
Hardened-Php	Suhosin	0.9.26	—
Hardened-Php	Suhosin	0.9.27	—
Hardened-Php	Suhosin	0.9.28	—
Hardened-Php	Suhosin	0.9.29	—
Hardened-Php	Suhosin	0.9.30	—

References

Timeline

Published: Jan 27, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-0807?

How severe is CVE-2012-0807?

Severity scoring for CVE-2012-0807 is pending analysis. The EPSS model estimates a 3.51% probability of exploitation in the next 30 days.

How do I fix CVE-2012-0807?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-0807?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST