Wind River Support Network

Fixed

LIN6-2516 : Security Advisory - php - CVE-2013-6420

Created: Jan 5, 2014    Updated: Dec 3, 2018
Resolved Date: Jan 26, 2014
Found In Version: 6.0.0.3
Fix Version: 6.0.0.3
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6420
