CVE-2013-6420 in PHPinformation

Résumé (Anglaise)

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

Réserver

04/11/2013

Divulgation

16/12/2013

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
11512	PHP Timestamp Converter openssl_x509_parse buffer overflow	119	Preuve de concept	Correctif officiel	CVE-2013-6420

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

◂ PrécédentAperçuSuivant ▸

Want to know what is going to be exploited?

We predict KEV entries!