Fluid Attacks Database

Description

A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	php53	<0:5.3.3-23.el5_10	0:5.3.3-23.el5_10
rpm rhel6	php	<0:5.3.3-27.el6_5.1	0:5.3.3-27.el6_5.1

Aliases

1. CVE-2013-67122. NVD-2013-67123. OSV-2013-6712

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.