CVE-2014-3668
published 2014-10-29CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x…
PriorityP434medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
27.02%
97.8th percentile
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
Affected
56 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| php | php | <= 5.4.33 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xv3f-rvh8-r59c: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc
ghsa_unreviewed·2022-05-17
CVE-2014-3668 [MEDIUM] CWE-119 GHSA-xv3f-rvh8-r59c: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
OSV
php5 vulnerabilities
osv·2014-10-30·CVSS 5.0
CVE-2014-3668 [MEDIUM] php5 vulnerabilities
php5 vulnerabilities
Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime
function. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3668)
Symeon Paraschoudis discovered that PHP incorrectly handled unserializing
objects. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3669)
Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail
function. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-3670)
Francisco Alonso that PHP incorrectly handled ELF files in the fileinfo
extension. A remote attacker could possibly use this issue to cau
OSV
CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc
osv·2014-10-29·CVSS 5.0
CVE-2014-3668 [MEDIUM] CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
Ubuntu
php5 vulnerabilities
vendor_ubuntu·2014-10-30·CVSS 5.0
CVE-2014-3668 [MEDIUM] php5 vulnerabilities
Title: php5 vulnerabilities
Summary: Several security issues were fixed in PHP.
Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime
function. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3668)
Symeon Paraschoudis discovered that PHP incorrectly handled unserializing
objects. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3669)
Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail
function. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-3670)
Francisco Alonso that PHP incorrectly handled ELF files in the fileinfo
exten
Red Hat
php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
vendor_redhat·2014-10-14·CVSS 5.0
CVE-2014-3668 [MEDIUM] CWE-125 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
Statement: This issue did not affect the php packages as shipped with Red Hat Enterprise
Apple
CVE-2014-3668: OS X Yosemite v10.10.3 and Security Update 2015-004
vendor_apple·CVSS 5.0
CVE-2014-3668 [MEDIUM] CVE-2014-3668: OS X Yosemite v10.10.3 and Security Update 2015-004
Apple Security Update: About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004
Product: OS X Yosemite v10.10.3 and Security Update 2015-004
CVE: CVE-2014-3668
Component: CVE-2014-3668
No detection rules found.
No public exploits indexed.
Tenable
[R3] SecurityCenter 4.8.2 Fixes Third-party Library Vulnerability
blogs_tenable·2014-11-05
[R3] SecurityCenter 4.8.2 Fixes Third-party Library Vulnerability
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bugzilla
CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow
bugzilla·2014-10-22·CVSS 5.0
CVE-2014-8626 [MEDIUM] CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow
CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow
While investigating the CVE-2014-3668 issue (bug 1154503), it was discovered that older PHP versions are affected by another issue in the ISO8601 date format parsing code. The internal date_from_ISO8601() function failed to check buffer boundary when copying input string to a local fixed sized buffer.
http://git.php.net/?p=php-src.git;a=blob;f=ext/xmlrpc/libxmlrpc/xmlrpc.c;h=d82f270#l164
This leads to a stack based buffer overflow. A PHP application that uses the PHP xmlrpc extension (in Red Hat Enterprise Linux and Fedora, this extension is available via separate php-xmlrpc package) to implement an XML-RPC server (or client) could crash or, possibly, execute arbitrary code while parsing a specially crafted XML-RPC re
Bugzilla
CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
bugzilla·2014-10-20·CVSS 5.0
CVE-2014-3668 [MEDIUM] CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
An out-of-bounds read flaw was found in PHP's mkgmtime() function. This could possibly cause the PHP interpreter to crash.
This issue has been fixed in upstream versions 5.4.34, 5.5.18, and 5.6.2.
References:
http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e
https://bugs.php.net/bug.php?id=68027
http://php.net/ChangeLog-5.php
Discussion:
IssueDescription:
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2014:1768
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726ehttp://linux.oracle.com/errata/ELSA-2014-1767.htmlhttp://linux.oracle.com/errata/ELSA-2014-1768.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00034.htmlhttp://lists.opensuse.org/opensuse-updates/2015-01/msg00006.htmlhttp://php.net/ChangeLog-5.phphttp://rhn.redhat.com/errata/RHSA-2014-1765.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1766.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1767.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1768.htmlhttp://secunia.com/advisories/59967http://secunia.com/advisories/60630http://secunia.com/advisories/60699http://secunia.com/advisories/61763http://secunia.com/advisories/61970http://secunia.com/advisories/61982http://www.debian.org/security/2014/dsa-3064http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.securityfocus.com/bid/70666http://www.ubuntu.com/usn/USN-2391-1https://bugs.php.net/bug.php?id=68027https://bugzilla.redhat.com/show_bug.cgi?id=1154503https://support.apple.com/HT204659http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726ehttp://linux.oracle.com/errata/ELSA-2014-1767.htmlhttp://linux.oracle.com/errata/ELSA-2014-1768.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00034.htmlhttp://lists.opensuse.org/opensuse-updates/2015-01/msg00006.htmlhttp://php.net/ChangeLog-5.phphttp://rhn.redhat.com/errata/RHSA-2014-1765.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1766.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1767.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1768.htmlhttp://secunia.com/advisories/59967http://secunia.com/advisories/60630http://secunia.com/advisories/60699http://secunia.com/advisories/61763http://secunia.com/advisories/61970http://secunia.com/advisories/61982http://www.debian.org/security/2014/dsa-3064http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.securityfocus.com/bid/70666http://www.ubuntu.com/usn/USN-2391-1https://bugs.php.net/bug.php?id=68027https://bugzilla.redhat.com/show_bug.cgi?id=1154503https://support.apple.com/HT204659
2014-10-29
Published