CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.95 High
Percentile: 99.3%

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse
(1) notBefore and (2) notAfter timestamps in X.509 certificates, which
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption) via a crafted certificate that is not properly
handled by the openssl_x509_parse function.
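
The class of check that keeps a malformed notBefore or notAfter value from reaching date arithmetic is shown below as an added example; it is not PHP's code or its patch. The function name parse_utctime_strict is hypothetical, and the example assumes the RFC 5280 UTCTime form YYMMDDHHMMSSZ only, rejecting every other encoding.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Convert two ASCII digits to an int, or -1 if either byte is not a digit. */
static int two_digits(const unsigned char *p)
{
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
        return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/*
 * Strictly parse an ASN.1 UTCTime value in the form YYMMDDHHMMSSZ.
 * data/len are the raw value bytes and their declared length; data need not
 * be NUL-terminated. Returns 0 and fills *out on success, -1 on any deviation.
 * Hypothetical helper for illustration, not an OpenSSL or PHP API.
 */
int parse_utctime_strict(const unsigned char *data, size_t len, struct tm *out)
{
    static const int max[6] = { 99, 12, 31, 23, 59, 59 }; /* YY MM DD hh mm ss */
    int f[6];
    size_t i;

    /* Check the declared length before touching any field offsets. */
    if (data == NULL || out == NULL || len != 13 || data[12] != 'Z')
        return -1;
    for (i = 0; i < 6; i++) {
        f[i] = two_digits(data + 2 * i); /* reads stay within bytes 0..11 */
        if (f[i] < 0 || f[i] > max[i])
            return -1;                   /* non-digit (incl. NUL) or out of range */
    }
    if (f[1] < 1 || f[2] < 1)
        return -1;                       /* month and day are 1-based */

    /* Coarse range check only: day-of-month is not validated per month. */
    memset(out, 0, sizeof(*out));
    out->tm_year = (f[0] >= 50) ? f[0] : f[0] + 100; /* RFC 5280: 50-99 => 19YY */
    out->tm_mon  = f[1] - 1;
    out->tm_mday = f[2];
    out->tm_hour = f[3];
    out->tm_min  = f[4];
    out->tm_sec  = f[5];
    return 0;
}
```
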