CVE-2013-6420

Published: 17/12/2013 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP prior to 5.3.28, 5.4.x prior to 5.4.23, and 5.5.x prior to 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
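A deployment-side gate around openssl_x509_parse(), written here as an added example (it is not code from the advisory, the vendors or any project named on this page); it assumes only the fix versions stated in the summary above and uses PHP_VERSION, version_compare() and openssl_x509_parse():

```php
<?php
// Added example (not from the advisory or any vendor): gate openssl_x509_parse()
// on the running PHP version, using the fix versions stated in the summary.
// PHP 5.3-compatible syntax so it runs on the builds in question.

/**
 * True when $version is a PHP release still affected by CVE-2013-6420.
 * Lines older than 5.3 never received a fix and are treated as affected;
 * 5.6 and later shipped after the fix and are treated as fixed.
 * Unparseable input fails closed (reported as affected).
 */
function php_affected_by_cve_2013_6420($version)
{
    $fixed = array('5.3' => '5.3.28', '5.4' => '5.4.23', '5.5' => '5.5.7');
    if (preg_match('/^(\d+)\.(\d+)\.\d+/', $version, $m) !== 1) {
        return true;
    }
    $line = $m[1] . '.' . $m[2];
    if (isset($fixed[$line])) {
        // version_compare() orders pre-releases (e.g. 5.4.23RC1) below 5.4.23,
        // so release candidates of a fix version still count as affected.
        return version_compare($version, $fixed[$line], '<');
    }
    return version_compare($version, '5.3.0', '<');
}

/**
 * Wrapper for openssl_x509_parse(): returns the parsed array, or null when the
 * runtime is affected or OpenSSL rejects the input, so callers fail closed
 * instead of feeding untrusted notBefore/notAfter fields to the unsafe
 * asn1_time_to_time_t() path.
 */
function guarded_x509_parse($pem, $shortnames = true)
{
    if (php_affected_by_cve_2013_6420(PHP_VERSION)) {
        error_log('openssl_x509_parse() refused: PHP ' . PHP_VERSION
            . ' is affected by CVE-2013-6420; upgrade before parsing certificates');
        return null;
    }
    $info = openssl_x509_parse($pem, $shortnames);
    return $info === false ? null : $info;
}

// Boundary self-checks against the versions stated in the summary.
assert(php_affected_by_cve_2013_6420('5.3.27') === true);
assert(php_affected_by_cve_2013_6420('5.3.28') === false);
assert(php_affected_by_cve_2013_6420('5.4.22') === true);
assert(php_affected_by_cve_2013_6420('5.5.7') === false);
assert(php_affected_by_cve_2013_6420('7.4.33') === false);
```

The gate is a stopgap for hosts that cannot be upgraded immediately; the actual fix is running a release at or above the versions listed.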

Vulnerable Products

php php 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.13, 5.3.14, 5.3.15, 5.3.16, 5.3.17, 5.3.18, 5.3.19, 5.3.20, 5.3.21, 5.3.22, 5.3.23, 5.3.24, 5.3.25, 5.3.26
php php 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.4.13, 5.4.14, 5.4.15, 5.4.16, 5.4.17, 5.4.18, 5.4.19, 5.4.20, 5.4.21, 5.4.22
php php 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6
php php (no version given)
opensuse opensuse 11.4, 12.2, 12.3, 13.1
apple mac os x

Vendor Advisories

Several security issues were fixed in PHP ...
Debian Bug report logs - #731895 php5: CVE-2013-6420: memory corruption in openssl_x509_parse(). Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon). Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Wed, 11 De ...
Debian Bug report logs - #731112 php5: CVE-2013-6712. Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Mon, 2 Dec 2013 08:57:02 UTC. Severity: important. Tags: s ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse(). CVE-2013-6712 Creating DateInterval obje ...
Synopsis: Critical: php53 security update. Type/Severity: Security Advisory: Critical. Topic: Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 and 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security im ...
Synopsis: Critical: php security update. Type/Severity: Security Advisory: Critical. Topic: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 5.9, 6.2, 6.3, and 6.4 Extended Update Support. The Red Hat Security Response T ...
Synopsis: Critical: php security update. Type/Severity: Security Advisory: Critical. Topic: Updated php packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scori ...
Synopsis: Critical: php security update. Type/Severity: Security Advisory: Critical. Topic: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scori ...
Synopsis: Critical: php53 and php security update. Type/Severity: Security Advisory: Critical. Topic: Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security i ...
Synopsis: Critical: php security update. Type/Severity: Security Advisory: Critical. Topic: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support. The Red Hat Security Response Team has rated this update as having critical security impact ...
A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to ...
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that i ...

Exploits

SektionEins GmbH, www.sektioneins.de -= Security Advisory =- Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability. Release Date: 2013/12/13. Last Modified: 2013/12/13. Author: Stefan Esser [stefanesser[at]sektioneins.de]. Application: PHP 4.0.6 - PHP ...
The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN.1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x ...

Github Repositories

MySimpleCertViewer - a simple server certificate viewer in PHP.

MySimpleCertificateViewer: a simple server certificate viewer in PHP. Usage: deploy the script index.php to your web server and point to it. Make sure to run a recent PHP version which is not subject to the CVE-2013-6420 issue, memory corruption in openssl_x509_parse(); see www.php.net/ChangeLog-5.php#5.5.7. Additional information: command line to