Cent OS: CVE-2014-3668: CESA-2014:1768 (php53)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | October 29, 2014 | December 01, 2016 | July 04, 2017 |
Description
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
centos-upgrade-phpRelated Vulnerabilities
- RHSA-2014:1765: php54-php security update
- Amazon Linux AMI: Security patch for php55 (ALAS-2014-435) (multiple CVEs)
- OS X update for Admin Framework (CVE-2014-3668)
- DSA-3064-1 php5 -- security update
- Oracle Solaris 11: CVE-2014-3668: Vulnerability in PHP
- Gentoo Linux: CVE-2014-3668: PHP: Multiple vulnerabilities
- ELSA-2014-1768 Important: Oracle Linux php53 security update
- Amazon Linux AMI: Security patch for php54 (ALAS-2014-434) (multiple CVEs)
- OS X update for PHP (CVE-2014-3668)
- RHSA-2014:1766: php55-php security update
- RHSA-2014:1768: php53 security update
- SUSE: CVE-2014-3668: SUSE Linux Security Advisory
- USN-2391-1: php5 vulnerabilities
- RHSA-2014:1767: php security update
- ELSA-2015-1135 Important: Oracle Linux php security and bug fix update
- PHP Vulnerability: CVE-2014-3668
- ELSA-2014-1767 Important: Oracle Linux php security update