
CVE-2013-6420
Date: (C)2014-01-04   (M)2024-03-21


The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1029472
SECUNIA-59652
BID-64225
DSA-2816
HPSBMU03112
RHSA-2013:1813
RHSA-2013:1815
RHSA-2013:1824
RHSA-2013:1825
RHSA-2013:1826
USN-2055-1
http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415
http://support.apple.com/kb/HT6150
http://www.php.net/ChangeLog-5.php
https://bugzilla.redhat.com/show_bug.cgi?id=1036830
https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html
openSUSE-SU-2013:1963
openSUSE-SU-2013:1964

CPE    79
cpe:/a:php:php:5.4.21
cpe:/a:php:php:5.4.22
cpe:/a:php:php:5.4.20
cpe:/a:php:php:5.5.0
...
CWE    1
CWE-119
OVAL    43
oval:org.secpod.oval:def:108766
oval:org.secpod.oval:def:107838
oval:org.secpod.oval:def:1600318
oval:org.secpod.oval:def:108122
...

© SecPod Technologies