Computer Security
[EN] no-pyccku

PHP memory corruption
updated since 24.12.2013
SecurityVulns ID:13464
Threat Level:
Description:Memory corruption in asn1_time_to_time_t()
Affected:PHP : PHP 5.5
CVE:CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.)
Original documentdocumentStefan Esser, Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability (30.12.2013)
 documentMANDRIVA, [ MDVSA-2013:298 ] php (24.12.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod