Bug 1154503 (CVE-2014-3668) - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
Summary: CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in m...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-3668
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1154638 1154639 1155020 1155021 1155022 1155023 1155024
Blocks: 1149858 1154506
TreeView+ depends on / blocked
 
Reported: 2014-10-20 04:19 UTC by Murray McAllister
Modified: 2021-02-17 06:04 UTC (History)
8 users (show)

Fixed In Version: php 5.4.34, php 5.5.18, php 5.6.2
Doc Type: Bug Fix
Doc Text:
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
Clone Of:
Environment:
Last Closed: 2014-10-31 09:01:48 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
PHP Bug Tracker 68027 0 None None None Never
Red Hat Product Errata RHSA-2014:1765 0 normal SHIPPED_LIVE Important: php54-php security update 2014-10-30 23:45:24 UTC
Red Hat Product Errata RHSA-2014:1766 0 normal SHIPPED_LIVE Important: php55-php security update 2014-10-30 23:45:12 UTC
Red Hat Product Errata RHSA-2014:1767 0 normal SHIPPED_LIVE Important: php security update 2014-10-31 00:16:02 UTC
Red Hat Product Errata RHSA-2014:1768 0 normal SHIPPED_LIVE Important: php53 security update 2014-10-30 23:44:46 UTC

Description Murray McAllister 2014-10-20 04:19:46 UTC 
An out-of-bounds read flaw was found in PHP's mkgmtime() function. This could possibly cause the PHP interpreter to crash.

This issue has been fixed in upstream versions 5.4.34, 5.5.18, and 5.6.2.

References:
http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e
https://bugs.php.net/bug.php?id=68027
http://php.net/ChangeLog-5.php
Comment 15 Martin Prpič 2014-10-30 11:11:17 UTC 
IssueDescription:

An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
Comment 16 errata-xmlrpc 2014-10-30 19:45:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1768 https://rhn.redhat.com/errata/RHSA-2014-1768.html
Comment 17 errata-xmlrpc 2014-10-30 19:47:06 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html
Comment 18 errata-xmlrpc 2014-10-30 19:49:36 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6

Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html
Comment 19 errata-xmlrpc 2014-10-30 20:16:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:1767 https://rhn.redhat.com/errata/RHSA-2014-1767.html
Comment 20 Tomas Hoger 2014-10-31 09:01:48 UTC 
Statement:

This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5.
Note You need to log in before you can comment on or make changes to this bug.