CVE-2013-6712

Опубликовано: 27 нояб. 2013

Источник: redhat

CVSS2: 2.6

Описание

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash.

Отчет

This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 7.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	php	Not affected
Red Hat Enterprise Linux 7	php	Not affected
Red Hat Software Collections	php55-php	Affected
Red Hat Enterprise Linux 5	php53	Fixed	RHSA-2014:1012	06.08.2014
Red Hat Enterprise Linux 6	php	Fixed	RHSA-2014:1012	06.08.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6	php54-php	Fixed	RHSA-2014:1765	30.10.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS	php54-php	Fixed	RHSA-2014:1765	30.10.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS	php54-php	Fixed	RHSA-2014:1765	30.10.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS	php54-php	Fixed	RHSA-2014:1765	30.10.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7	php54-php	Fixed	RHSA-2014:1765	30.10.2014