2 matches found
php: heap-based buffer over-read in DateInterval
A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash...
Heap overflow
The scan function in ext/date/lib/parseisointervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service heap-based buffer over-read via a crafted interval specification...