The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

| Software | From | Fixed in |
|---|---|---|
| php / php | - | 5.3.29 |
| php / php | 5.4.0 | 5.4.24 |
| php / php | 5.5.0 | 5.5.8 |
| apple / mac_os_x | - | 10.10.2.x |
| opensuse / opensuse | 12.3 | 12.3.x |
| opensuse / opensuse | 11.4 | 11.4.x |
| opensuse / opensuse | 12.2 | 12.2.x |
| opensuse / opensuse | 13.1 | 13.1.x |
| canonical / ubuntu_linux | 13.04 | 13.04.x |
| canonical / ubuntu_linux | 13.10 | 13.10.x |
| canonical / ubuntu_linux | 12.10 | 12.10.x |
| canonical / ubuntu_linux | 10.04 | 10.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| debian / debian_linux | 7.0 | 7.0.x |
| debian / debian_linux | 6.0 | 6.0.x |