CVE-2013-6712
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
- Published date
- 2013-11-28T04:37Z
- Last modification date
- 2022-10-31T15:01Z
- Assigner
- cve@mitre.org
- Problem type
- CWE-119
| Name | URL | Source | Tags |
|---|---|---|---|
| http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071 | http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071 | CONFIRM | Patch, Vendor Advisory |
| https://bugs.php.net/bug.php?id=66060 | https://bugs.php.net/bug.php?id=66060 | MISC | Issue Tracking, Patch, Vendor Advisory |
| openSUSE-SU-2013:1963 | http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html | SUSE | Mailing List, Third Party Advisory |
| openSUSE-SU-2013:1964 | http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html | SUSE | Mailing List, Third Party Advisory |
| RHSA-2014:1765 | http://rhn.redhat.com/errata/RHSA-2014-1765.html | REDHAT | Third Party Advisory |
| https://support.apple.com/HT204659 | https://support.apple.com/HT204659 | CONFIRM | Third Party Advisory |
| APPLE-SA-2015-04-08-2 | http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html | APPLE | Mailing List, Third Party Advisory |
| SSRT101447 | https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 | HP | Third Party Advisory |
| USN-2055-1 | http://www.ubuntu.com/usn/USN-2055-1 | UBUNTU | Third Party Advisory |
| DSA-2816 | http://www.debian.org/security/2013/dsa-2816 | DEBIAN | Third Party Advisory |