Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-8626

Опубликовано: 23 нояб. 2014
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия до 5.2.6 (включая)
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.04168
Низкий

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2014-8626

ubuntu
больше 10 лет назад

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

redhat логотип

CVE-2014-8626

redhat
больше 10 лет назад

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

debian логотип

CVE-2014-8626

debian
больше 10 лет назад

Stack-based buffer overflow in the date_from_ISO8601 function in ext/x ...

github логотип

GHSA-mfxw-8c28-qhqc

github
около 3 лет назад

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

oracle-oval логотип

ELSA-2014-1824

oracle-oval
больше 10 лет назад

ELSA-2014-1824: php security update (IMPORTANT)

EPSS

Процентиль: 88%
0.04168
Низкий

7.5 High

CVSS2

Дефекты

CWE-119