CVE-2013-6712

Published: 28/11/2013 | Updated: 31/10/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The scan function in ext/date/lib/parse_iso_intervals.c in PHP up to and including 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote malicious users to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

Vulnerable Products

php php

apple mac os x

opensuse opensuse 12.3

opensuse opensuse 11.4

opensuse opensuse 12.2

opensuse opensuse 13.1

canonical ubuntu linux 13.04

canonical ubuntu linux 13.10

canonical ubuntu linux 12.10

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

debian debian linux 7.0

debian debian linux 6.0

Vendor Advisories

Debian Bug report logs - #731112 php5: CVE-2013-6712. Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Mon, 2 Dec 2013 08:57:02 UTC; Severity: important; Tags: s ...
Debian Bug report logs - #731895 php5: CVE-2013-6420: memory corruption in openssl_x509_parse(). Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon). Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 11 De ...
Several security issues were fixed in PHP ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-6420: Stefan Esser reported possible memory corruption in openssl_x509_parse(). CVE-2013-6712: Creating DateInterval obje ...
A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to ...

Github Repositories

CVE-2013-6712: The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. authentication complexity vector NONE LOW NETWORK confidentiality integrity availab