Lucene search

[email protected]CVE-2013-6420

HistoryDec 17, 2013 - 4:46 a.m.

CVE-2013-6420

2013-12-1704:46:45

CWE-119

[email protected]

web.nvd.nist.gov

174

php

asn1

timestamp

vulnerability

remote code execution

denial of service

memory corruption

nvd

cve-2013-6420

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.95 High

EPSS

Percentile

99.3%

JSON

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

Affected configurations

NVD

Node

phpphpMatch5.4.0

phpphpMatch5.4.1

phpphpMatch5.4.2

phpphpMatch5.4.3

phpphpMatch5.4.4

phpphpMatch5.4.5

phpphpMatch5.4.6

phpphpMatch5.4.7

phpphpMatch5.4.8

phpphpMatch5.4.9

phpphpMatch5.4.10

phpphpMatch5.4.11

phpphpMatch5.4.12

phpphpMatch5.4.12rc1

phpphpMatch5.4.12rc2

phpphpMatch5.4.13

phpphpMatch5.4.13rc1

phpphpMatch5.4.14

phpphpMatch5.4.14rc1

phpphpMatch5.4.15

phpphpMatch5.4.15rc1

phpphpMatch5.4.16

phpphpMatch5.4.16rc1

phpphpMatch5.4.17

phpphpMatch5.4.18

phpphpMatch5.4.19

phpphpMatch5.4.20

phpphpMatch5.4.21

phpphpMatch5.4.22

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

applemac_os_xRange≤10.9.1

Node

phpphpRange≤5.3.27

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

phpphpMatch5.3.3

phpphpMatch5.3.4

phpphpMatch5.3.5

phpphpMatch5.3.6

phpphpMatch5.3.7

phpphpMatch5.3.8

phpphpMatch5.3.9

phpphpMatch5.3.10

phpphpMatch5.3.11

phpphpMatch5.3.12

phpphpMatch5.3.13

phpphpMatch5.3.14

phpphpMatch5.3.15

phpphpMatch5.3.16

phpphpMatch5.3.17

phpphpMatch5.3.18

phpphpMatch5.3.19

phpphpMatch5.3.20

phpphpMatch5.3.21

phpphpMatch5.3.22

phpphpMatch5.3.23

phpphpMatch5.3.24

phpphpMatch5.3.25

phpphpMatch5.3.26

Node

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

CPENameOperatorVersion
php:phpphpeq5.4.0
php:phpphpeq5.4.1
php:phpphpeq5.4.2
php:phpphpeq5.4.3
php:phpphpeq5.4.4
php:phpphpeq5.4.5
php:phpphpeq5.4.6
php:phpphpeq5.4.7
php:phpphpeq5.4.8
php:phpphpeq5.4.9

CPE	Name	Operator	Version
php:php	php	eq	5.4.0
php:php	php	eq	5.4.1
php:php	php	eq	5.4.2
php:php	php	eq	5.4.3
php:php	php	eq	5.4.4
php:php	php	eq	5.4.5
php:php	php	eq	5.4.6
php:php	php	eq	5.4.7
php:php	php	eq	5.4.8
php:php	php	eq	5.4.9