CVE-2012-0807

Name of the Vulnerable Software and Affected Versions Suhosin extension versions prior to 0.9.33

Description A stack-based buffer overflow issue exists in the suhosin encrypt single cookie function of the Suhosin extension for PHP. This issue arises when the transparent cookie-encryption feature is enabled, along with suhosin.cookie.encrypt and suhosin.multiheader. It may allow remote attackers to execute arbitrary code via a long string used in a Set-Cookie HTTP header.

Recommendations For Suhosin extension versions prior to 0.9.33, update to version 0.9.33 or later to resolve the issue. As a temporary workaround, consider disabling the transparent cookie-encryption feature by setting suhosin.cookie.encrypt to 0 until a patch is applied. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using long strings in Set-Cookie HTTP headers until the issue is resolved.