Launchpad CVE tracker

CVE 2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

Related bugs and status

CVE-2013-6712 (Candidate) is related to these bugs:

Bug #1242726: [MIR] php5-common is missing dependency on php5-json

		In	Importance	Status
1242726	[MIR] php5-common is missing dependency on php5-json	php5 (Ubuntu)	High	Fix Released
1242726	[MIR] php5-common is missing dependency on php5-json	php-json (Ubuntu)	High	Fix Released
1242726	[MIR] php5-common is missing dependency on php5-json	pkg-php-tools (Ubuntu)	Undecided	Fix Released

Bug #1244343: Regression in system fallback for date_default_timezone_get()

		In	Importance	Status
1244343	Regression in system fallback for date_default_timezone_get()	php5 (Ubuntu)	High	Fix Released
1244343	Regression in system fallback for date_default_timezone_get()	php5 (Debian)	Unknown	Fix Released
1244343	Regression in system fallback for date_default_timezone_get()	php5 (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-6712

References