FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php5 -- Denial of Service in php_date_parse_tzfile()

Affected packages
5.2 <= php5 < 5.2.17_11
5.3 <= php5 < 5.3.9
php52 < 5.2.17_11
php53 < 5.3.9


VuXML ID 9b2a5e88-02b8-11e2-92d1-000d601460a4
Discovery 2010-12-08
Entry 2012-09-19

MITRE CVE team reports:

Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.


CVE Name CVE-2012-0789