Description

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

Remediation

References

CVE-2013-6712

Related Vulnerabilities

WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383)

WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (6.7.6)

SharePoint Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-3889)

WordPress Plugin Side Menu-add fixed side buttons SQL Injection (3.1.3)

Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.2.0 - 3.9.15)

Severity

Medium

Classification

CVE-2013-6712 CWE-119

Tags

Missing Update Known Vulnerabilities