Description

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

Remediation

References

CVE-2013-6712

Related Vulnerabilities

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3736)

qdPM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11811)

MySQL CVE-2015-4879 Vulnerability (CVE-2015-4879)

Moodle Other Vulnerability (CVE-2022-30597)

WordPress Plugin ChimpExpress Cross-Site Scripting (1.6.3)

Severity

Medium

Classification

CVE-2013-6712 CWE-119

Tags

Missing Update Known Vulnerabilities