CVE-2014-3668

Published: 29/10/2014 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP prior to 5.4.34, 5.5.x prior to 5.5.18, and 5.6.x prior to 5.6.2 allows remote malicious users to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.

Vulnerable Product

php php 5.6.1

php php 5.5.0

php php 5.4.32

php php 5.4.12

php php 5.4.15

php php 5.5.16

php php 5.4.19

php php 5.6.0

php php 5.5.1

php php 5.5.5

php php 5.5.17

php php 5.4.14

php php 5.4.8

php php 5.5.14

php php 5.4.17

php php 5.5.7

php php 5.4.22

php php 5.4.9

php php 5.4.11

php php 5.5.12

php php 5.4.10

php php 5.5.6

php php 5.4.2

php php

php php 5.5.3

php php 5.4.27

php php 5.5.8

php php 5.4.16

php php 5.4.28

php php 5.4.21

php php 5.4.5

php php 5.4.26

php php 5.5.15

php php 5.5.11

php php 5.5.13

php php 5.5.4

php php 5.4.24

php php 5.4.23

php php 5.4.6

php php 5.4.30

php php 5.4.31

php php 5.4.13

php php 5.4.29

php php 5.4.0

php php 5.4.3

php php 5.4.18

php php 5.5.10

php php 5.4.1

php php 5.4.20

php php 5.4.25

php php 5.4.7

php php 5.4.4

php php 5.5.2

php php 5.5.9

Vendor Advisories

Several security issues were fixed in PHP ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new ...
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash (CVE-2014-3668). An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserializ ...
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash ...