Heap-based Buffer Over-read Vulnerability in PHP's DateInterval Object Creation

CVE-2013-6712 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
