Lucene search

[email protected]CVE-2014-8626

HistoryNov 23, 2014 - 2:59 a.m.

CVE-2014-8626

2014-11-2302:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

2014

8626

php

buffer overflow

date_from_iso8601

xml-rpc

encoding

nvd

security vulnerability

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.079 Low

EPSS

Percentile

94.2%

JSON

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

CPENameOperatorVersion
php:phpphpeq5.2.2
php:phpphpeq5.2.5
php:phpphpeq5.2.3
php:phpphpeq5.2.0
php:phpphpeq5.2.4
php:phpphple5.2.6
php:phpphpeq5.2.1

CPE	Name	Operator	Version
php:php	php	eq	5.2.2
php:php	php	eq	5.2.5
php:php	php	eq	5.2.3
php:php	php	eq	5.2.0
php:php	php	eq	5.2.4
php:php	php	le	5.2.6
php:php	php	eq	5.2.1

References

git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db

openwall.com/lists/oss-security/2014/11/06/3

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2014-1824.html

rhn.redhat.com/errata/RHSA-2014-1825.html

www.securityfocus.com/bid/70928

bugs.php.net/bug.php?id=45226

bugzilla.redhat.com/show_bug.cgi?id=1155607

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.079 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2014-8626

redhat2 prion1 ubuntucve1 openvas4 veracode1 oraclelinux1 nessus6 centos1