CVE-2014-8626

{"id": "CVE-2014-8626", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-23T02:59:00.087", "references": [{"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db", "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2014/11/06/3", "source": "secalert@redhat.com"}, {"url": "http://php.net/ChangeLog-5.php", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1825.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/70928", "source": "secalert@redhat.com"}, {"url": "https://bugs.php.net/bug.php?id=45226", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155607", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n date_from_ISO8601 en ext/xmlrpc/libxmlrpc/xmlrpc.c en PHP anterior a 5.2.7 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario mediante la inclusi\u00f3n de un campo de zona horaria en una fecha, que conlleva a una codificaci\u00f3n XML-RPC indebida."}], "lastModified": "2023-11-07T02:22:39.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FCD404F-54C5-4DFF-ABC3-F0745C5BC96F", "versionEndIncluding": "5.2.6"}, {"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99"}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3"}, {"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17"}, {"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B"}, {"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F"}, {"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}