Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6712 to the following vulnerability:
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
Upstream bug: https://bugs.php.net/bug.php?id=66060
Upstream fix: http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
This issue affects PHP 5.3, 5.4, and 5.5.
Fixed upstream in 5.4.24 and 5.5.8:
http://www.php.net/ChangeLog-5.php#5.4.24
http://www.php.net/ChangeLog-5.php#5.5.8
This issue can cause PHP to over-read a heap-based buffer when parsing a specially-crafted interval specification using the DateInterval class. It may possibly lead to leak of portions of heap memory, or interpreter crash. This greatly depends on the contents of memory behind the buffer being over-read. An actual crash was only reproducible with special builds with address sanitizer.
Statement: This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 7.
Fedora php packages are already updated to 5.5.8 or later and are no longer affected by this issue.
(In reply to Tomas Hoger from comment #6)
> It may possibly lead to leak of portions of heap memory, or interpreter crash.
I was wrong about the information leak. There are checks later in the code that make php generate a warning / exception if this error occurs, rather than creating a DateInterval instance populated with leaked data.
IssueDescription: A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2014:1012 https://rhn.redhat.com/errata/RHSA-2014-1012.html
This issue has been addressed in the following products:
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html