CVE-2014-8626
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
23/11/2014
Last modified:
12/04/2025
Description
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | 5.2.6 (including) | |
| cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://git.php.net/?p=php-src.git%3Ba%3Dcommit%3Bh%3Dc818d0d01341907fee82bdb81cab07b7d93bb9db
- http://openwall.com/lists/oss-security/2014/11/06/3
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2014-1824.html
- http://rhn.redhat.com/errata/RHSA-2014-1825.html
- http://www.securityfocus.com/bid/70928
- https://bugs.php.net/bug.php?id=45226
- https://bugzilla.redhat.com/show_bug.cgi?id=1155607
- http://git.php.net/?p=php-src.git%3Ba%3Dcommit%3Bh%3Dc818d0d01341907fee82bdb81cab07b7d93bb9db
- http://openwall.com/lists/oss-security/2014/11/06/3
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2014-1824.html
- http://rhn.redhat.com/errata/RHSA-2014-1825.html
- http://www.securityfocus.com/bid/70928
- https://bugs.php.net/bug.php?id=45226
- https://bugzilla.redhat.com/show_bug.cgi?id=1155607