Lucene search

K
cve[email protected]CVE-2013-6420
HistoryDec 17, 2013 - 4:46 a.m.

CVE-2013-6420

2013-12-1704:46:45
CWE-119
web.nvd.nist.gov
173
php
asn1
timestamp
vulnerability
remote code execution
denial of service
memory corruption
nvd
cve-2013-6420

7.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.95 High

EPSS

Percentile

99.3%

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

Affected configurations

NVD
Node
phpphpMatch5.4.0
OR
phpphpMatch5.4.1
OR
phpphpMatch5.4.2
OR
phpphpMatch5.4.3
OR
phpphpMatch5.4.4
OR
phpphpMatch5.4.5
OR
phpphpMatch5.4.6
OR
phpphpMatch5.4.7
OR
phpphpMatch5.4.8
OR
phpphpMatch5.4.9
OR
phpphpMatch5.4.10
OR
phpphpMatch5.4.11
OR
phpphpMatch5.4.12
OR
phpphpMatch5.4.12rc1
OR
phpphpMatch5.4.12rc2
OR
phpphpMatch5.4.13
OR
phpphpMatch5.4.13rc1
OR
phpphpMatch5.4.14
OR
phpphpMatch5.4.14rc1
OR
phpphpMatch5.4.15
OR
phpphpMatch5.4.15rc1
OR
phpphpMatch5.4.16
OR
phpphpMatch5.4.16rc1
OR
phpphpMatch5.4.17
OR
phpphpMatch5.4.18
OR
phpphpMatch5.4.19
OR
phpphpMatch5.4.20
OR
phpphpMatch5.4.21
OR
phpphpMatch5.4.22
Node
opensuseopensuseMatch11.4
OR
opensuseopensuseMatch12.2
OR
opensuseopensuseMatch12.3
OR
opensuseopensuseMatch13.1
Node
applemac_os_xRange10.9.1
Node
phpphpRange5.3.27
OR
phpphpMatch5.3.0
OR
phpphpMatch5.3.1
OR
phpphpMatch5.3.2
OR
phpphpMatch5.3.3
OR
phpphpMatch5.3.4
OR
phpphpMatch5.3.5
OR
phpphpMatch5.3.6
OR
phpphpMatch5.3.7
OR
phpphpMatch5.3.8
OR
phpphpMatch5.3.9
OR
phpphpMatch5.3.10
OR
phpphpMatch5.3.11
OR
phpphpMatch5.3.12
OR
phpphpMatch5.3.13
OR
phpphpMatch5.3.14
OR
phpphpMatch5.3.15
OR
phpphpMatch5.3.16
OR
phpphpMatch5.3.17
OR
phpphpMatch5.3.18
OR
phpphpMatch5.3.19
OR
phpphpMatch5.3.20
OR
phpphpMatch5.3.21
OR
phpphpMatch5.3.22
OR
phpphpMatch5.3.23
OR
phpphpMatch5.3.24
OR
phpphpMatch5.3.25
OR
phpphpMatch5.3.26
Node
phpphpMatch5.5.0
OR
phpphpMatch5.5.0alpha1
OR
phpphpMatch5.5.0alpha2
OR
phpphpMatch5.5.0alpha3
OR
phpphpMatch5.5.0alpha4
OR
phpphpMatch5.5.0alpha5
OR
phpphpMatch5.5.0alpha6
OR
phpphpMatch5.5.0beta1
OR
phpphpMatch5.5.0beta2
OR
phpphpMatch5.5.0beta3
OR
phpphpMatch5.5.0beta4
OR
phpphpMatch5.5.0rc1
OR
phpphpMatch5.5.0rc2
OR
phpphpMatch5.5.1
OR
phpphpMatch5.5.2
OR
phpphpMatch5.5.3
OR
phpphpMatch5.5.4
OR
phpphpMatch5.5.5
OR
phpphpMatch5.5.6

References

7.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.95 High

EPSS

Percentile

99.3%