FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-6712

This CVE name corresponds to:

Entered Topic
2014-08-18 PHP multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-6712
Phase Assigned (20131108)

Description

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

References

Source Reference
MISC https://bugs.php.net/bug.php?id=66060
CONFIRM http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
CONFIRM https://support.apple.com/HT204659
APPLE APPLE-SA-2015-04-08-2
HP HPSBMU03112
HP SSRT101447
REDHAT RHSA-2014:1765
SUSE openSUSE-SU-2013:1963
SUSE openSUSE-SU-2013:1964