Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4635 to the following vulnerability: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. References: [1] http://www.php.net/ChangeLog-5.php [2] https://bugs.php.net/bug.php?id=64895 Relevant upstream patches: [3] http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df0d6195bdce [4] http://git.php.net/?p=php-src.git;a=commit;h=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef [5] http://git.php.net/?p=php-src.git;a=commit;h=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef
Statement: Not Vulnerable. This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of php53 as shipped with Red Hat Enterprise Linux 5.
This issue was addressed in Fedora-18 via the following update: https://admin.fedoraproject.org/updates/FEDORA-2013-10255