The scan function in ext/date/lib/parse_iso_intervals.c in PHP up to and including 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote malicious users to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
apple mac os x |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.2 |
||
opensuse opensuse 13.1 |
||
canonical ubuntu linux 13.04 |
||
canonical ubuntu linux 13.10 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 12.04 |
||
debian debian linux 7.0 |
||
debian debian linux 6.0 |