Denial Of Service (DoS)

2019-01-1509:02:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

php is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

CPENameOperatorVersion
php54-phpeq5.4.16__16.el6
php54-phpeq5.4.16__7.el6
php54-phpeq5.4.16__7.el6.1
php53eq5.3.3__1.el5_6.1
php53eq5.3.3__1.el5_7.5
php53eq5.3.3__13.el5_8
php53eq5.3.3__22.el5_10
php53eq5.3.3__21.el5
php53eq5.3.3__13.el5_9.1
php53eq5.3.3__1.el5_7.6

Name	Operator	Version
php54-php	eq	5.4.16__16.el6
php54-php	eq	5.4.16__7.el6
php54-php	eq	5.4.16__7.el6.1
php53	eq	5.3.3__1.el5_6.1
php53	eq	5.3.3__1.el5_7.5
php53	eq	5.3.3__13.el5_8
php53	eq	5.3.3__22.el5_10
php53	eq	5.3.3__21.el5
php53	eq	5.3.3__13.el5_9.1
php53	eq	5.3.3__1.el5_7.6