CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score
Confidence: High

EPSS
Percentile: 99.3%

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Vendor | Product | Version | CPE |
---|---|---|---|
php | php | 5.4.0 | cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:* |
php | php | 5.4.1 | cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:* |
php | php | 5.4.2 | cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:* |
php | php | 5.4.3 | cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:* |
php | php | 5.4.4 | cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:* |
php | php | 5.4.5 | cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:* |
php | php | 5.4.6 | cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:* |
php | php | 5.4.7 | cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:* |
php | php | 5.4.8 | cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:* |
php | php | 5.4.9 | cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:* |
forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21
git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415
lists.opensuse.org/opensuse-updates/2013-12/msg00125.html
lists.opensuse.org/opensuse-updates/2013-12/msg00126.html
rhn.redhat.com/errata/RHSA-2013-1813.html
rhn.redhat.com/errata/RHSA-2013-1815.html
rhn.redhat.com/errata/RHSA-2013-1824.html
rhn.redhat.com/errata/RHSA-2013-1825.html
rhn.redhat.com/errata/RHSA-2013-1826.html
secunia.com/advisories/59652
support.apple.com/kb/HT6150
www.debian.org/security/2013/dsa-2816
www.php.net/ChangeLog-5.php
www.securityfocus.com/bid/64225
www.securitytracker.com/id/1029472
www.ubuntu.com/usn/USN-2055-1
bugzilla.redhat.com/show_bug.cgi?id=1036830
h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322
www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html