CVE-2013-6420
Date: (C)2014-01-04   (M)2018-05-10


The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

CVSS V3 Severity and Metrics: (no values listed)
  
Reference:
SECTRACK-1029472
SECUNIA-59652
BID-64225
DSA-2816
IAVM:2014-A-0030
RHSA-2013:1813
RHSA-2013:1815
RHSA-2013:1824
RHSA-2013:1825
RHSA-2013:1826
SSRT101447
USN-2055-1
http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!
http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
http://support.apple.com/kb/HT6150
http://www.php.net/ChangeLog-5.php
https://bugzilla.redhat.com/show_bug.cgi?id=1036830
https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html
openSUSE-SU-2013:1963
openSUSE-SU-2013:1964

CPE    79
cpe:/o:novell:opensuse:12.2
cpe:/o:novell:opensuse:12.3
cpe:/o:novell:opensuse:11.4
cpe:/o:novell:opensuse:13.1
...
CWE    1
CWE-119
OVAL    41
oval:org.secpod.oval:def:701516
oval:org.secpod.oval:def:17028
oval:org.secpod.oval:def:601168
oval:org.secpod.oval:def:17037
...

© SecPod Technologies