Описание
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
Отчет
This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Fixed | RHSA-2014:1768 | 30.10.2014 |
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2014:1767 | 30.10.2014 |
| Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2014:1767 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
Buffer overflow in the date_from_ISO8601 function in the mkgmtime impl ...
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
Уязвимость функции mkgmtime (libxmlrpc/xmlrpc.c) интерпретатора языка программирования PHP, позволяющая нарушителю
4.3 Medium
CVSS2