Description
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
Remediation
References
Related Vulnerabilities
WordPress Plugin Sender by BestWebSoft Multiple Vulnerabilities (0.7)
WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Security Bypass (2.7.2)
WordPress Plugin Chameleon CSS SQL Injection (1.2)
RubyGems Cryptographic Issues Vulnerability (CVE-2012-2126)
Seo Panel Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-22643)