Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-6420

Опубликовано: 10 дек. 2013
Источник: redhat
CVSS2: 7.5
EPSS Средний

Описание

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Enterprise 1phpAffected
Red Hat Enterprise Linux 7phpNot affected
Red Hat OpenShift Enterprise 2phpAffected
Red Hat Software Collectionsphp55-phpAffected
Red Hat Enterprise Linux 3 Extended Lifecycle SupportphpFixedRHSA-2013:182612.12.2013
Red Hat Enterprise Linux 4 Extended Lifecycle SupportphpFixedRHSA-2013:182612.12.2013
Red Hat Enterprise Linux 5php53FixedRHSA-2013:181311.12.2013
Red Hat Enterprise Linux 5phpFixedRHSA-2013:181411.12.2013
Red Hat Enterprise Linux 5.3 Long LifephpFixedRHSA-2013:182411.12.2013
Red Hat Enterprise Linux 5.6 EUS - Server OnlyphpFixedRHSA-2013:182411.12.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-130->CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1036830php: memory corruption in openssl_x509_parse()

EPSS

Процентиль: 97%
0.40224
Средний

7.5 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-6420

ubuntu
больше 12 лет назад

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

nvd логотип

CVE-2013-6420

nvd
больше 12 лет назад

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

debian логотип

CVE-2013-6420

debian
больше 12 лет назад

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ...

github логотип

GHSA-m6pq-hhvx-694c

github
почти 4 года назад

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

oracle-oval логотип

ELSA-2013-1813

oracle-oval
больше 12 лет назад

ELSA-2013-1813: php53 and php security update (CRITICAL)

EPSS

Процентиль: 97%
0.40224
Средний

7.5 High

CVSS2