CVE-2013-6420

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

Published date: 2013-12-17T04:46Z
Last modification date: 2018-10-30T16:27Z
Assigner: secalert@redhat.com
Problem type: CWE-119

Name | URL | Source | Tags
http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415 | http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415 | CONFIRM | Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1036830 | https://bugzilla.redhat.com/show_bug.cgi?id=1036830 | CONFIRM | Patch
http://www.php.net/ChangeLog-5.php | http://www.php.net/ChangeLog-5.php | CONFIRM |
https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html | https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html | MISC | Exploit
openSUSE-SU-2013:1963 | http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html | SUSE |
openSUSE-SU-2013:1964 | http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html | SUSE |
1029472 | http://www.securitytracker.com/id/1029472 | SECTRACK |
http://support.apple.com/kb/HT6150 | http://support.apple.com/kb/HT6150 | CONFIRM |
59652 | http://secunia.com/advisories/59652 | SECUNIA |
HPSBMU03112 | https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 | HP |
64225 | http://www.securityfocus.com/bid/64225 | BID |
USN-2055-1 | http://www.ubuntu.com/usn/USN-2055-1 | UBUNTU |
DSA-2816 | http://www.debian.org/security/2013/dsa-2816 | DEBIAN |
RHSA-2013:1826 | http://rhn.redhat.com/errata/RHSA-2013-1826.html | REDHAT |
RHSA-2013:1825 | http://rhn.redhat.com/errata/RHSA-2013-1825.html | REDHAT |
RHSA-2013:1824 | http://rhn.redhat.com/errata/RHSA-2013-1824.html | REDHAT |
RHSA-2013:1815 | http://rhn.redhat.com/errata/RHSA-2013-1815.html | REDHAT |
RHSA-2013:1813 | http://rhn.redhat.com/errata/RHSA-2013-1813.html | REDHAT |
http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel! | http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel! | CONFIRM |