CVE-2013-6420 in PHPinfo

Summary

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

Reservation

11/04/2013

Disclosure

12/16/2013

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
11512	PHP Timestamp Converter openssl_x509_parse memory corruption	119	Proof-of-Concept	Official fix	CVE-2013-6420

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!