Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-6420

Опубликовано: 10 дек. 2013
Источник: redhat
CVSS2: 7.5

Описание

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Enterprise 1phpAffected
Red Hat Enterprise Linux 7phpNot affected
Red Hat Enterprise Linux Extended Update Support 5.3phpAffected
Red Hat OpenShift Enterprise 2phpAffected
Red Hat Software Collections for Red Hat Enterprise Linuxphp55-phpAffected
Red Hat Enterprise Linux 3 Extended Lifecycle SupportphpFixedRHSA-2013:182612.12.2013
Red Hat Enterprise Linux 4 Extended Lifecycle SupportphpFixedRHSA-2013:182612.12.2013
Red Hat Enterprise Linux 5php53FixedRHSA-2013:181311.12.2013
Red Hat Enterprise Linux 5phpFixedRHSA-2013:181411.12.2013
Red Hat Enterprise Linux 5.3 Long LifephpFixedRHSA-2013:182411.12.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-130->CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1036830php: memory corruption in openssl_x509_parse()

7.5 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-6420

ubuntu
больше 11 лет назад

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

nvd логотип

CVE-2013-6420

nvd
больше 11 лет назад

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

debian логотип

CVE-2013-6420

debian
больше 11 лет назад

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ...

github логотип

GHSA-m6pq-hhvx-694c

github
около 3 лет назад

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

oracle-oval логотип

ELSA-2013-1813

oracle-oval
больше 11 лет назад

ELSA-2013-1813: php53 and php security update (CRITICAL)

7.5 High

CVSS2