CVE-2014-8626

Impact: Critical
Public Date: 2014-11-05
CWE: CWE-121
Bugzilla: 1155607: CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow

A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash or execute arbitrary code with the privileges of the user running that PHP application.

Find out more about CVE-2014-8626 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue did not affect php53 packages in Red Hat Enterprise Linux 5, php packages in Red Hat Enterprise Linux 6 and 7, and php54-php and php55-php packages in Red Hat Software Collections 1.

CVSS v2 metrics

Base Score              6.8
Base Metrics            AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector           Network
Access Complexity       Medium
Authentication          None
Confidentiality Impact  Partial
Integrity Impact        Partial
Availability Impact     Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                                                     Errata          Release Date
Red Hat Enterprise Linux 5 (php)                             RHSA-2014:1824  2014-11-06
Red Hat Enterprise Linux Extended Lifecycle Support 4 (php)  RHSA-2014:1825  2014-11-06

Affected Packages State

Platform                                                     Package    State
Red Hat Software Collections 1 for Red Hat Enterprise Linux  php55-php  Not affected
Red Hat Software Collections 1 for Red Hat Enterprise Linux  php54-php  Not affected
Red Hat Enterprise Linux 7                                   php        Not affected
Red Hat Enterprise Linux 6                                   php        Not affected
Red Hat Enterprise Linux 5                                   php53      Not affected
