Computer Security
[EN] securityvulns.ru no-pyccku


PHP memory corruption
updated since 24.12.2013
Published:30.12.2013
Source:
SecurityVulns ID:13464
Type:library
Threat Level:
7/10
Description:Memory corruption in asn1_time_to_time_t()
Affected:PHP : PHP 5.5
CVE:CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.)
Original documentdocumentStefan Esser, Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability (30.12.2013)
 documentMANDRIVA, [ MDVSA-2013:298 ] php (24.12.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod