Vulnerability-Lookup

BDU:2022-02643

Vulnerability from fstec - Published: 29.10.2014

Title

Уязвимость функции mkgmtime (libxmlrpc/xmlrpc.c) интерпретатора языка программирования PHP, позволяющая нарушителю

Description

Уязвимость функции mkgmtime (libxmlrpc/xmlrpc.c) интерпретатора языка программирования PHP вызвана переполнением буфера.

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Canonical Ltd., Red Hat Inc., Novell Inc., Сообщество свободного программного обеспечения, PHP Group

Software Name

Ubuntu, Red Hat Enterprise Linux, OpenSUSE Leap, Debian GNU/Linux, PHP

Software Version

14.10 (Ubuntu), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.0 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 7 (Debian GNU/Linux), 5.6.1 (PHP), 5.5.0alpha3 (PHP), 5.5.0alpha4 (PHP), 5.5.0rc1 (PHP), 5.5.0rc2 (PHP), 5.5.0 (PHP), 5.5.0beta1 (PHP), 5.5.0beta2 (PHP), 5.5.11 (PHP), 5.5.14 (PHP), 5.5.5 (PHP), 5.5.6 (PHP), 5.5.7 (PHP), 5.5.0alpha1 (PHP), 5.5.0alpha2 (PHP), 5.5.0beta3 (PHP), 5.5.0beta4 (PHP), 5.5.2 (PHP), 5.5.8 (PHP), 5.5.9 (PHP), 5.5.0alpha5 (PHP), 5.5.0alpha6 (PHP), 5.5.1 (PHP), 5.5.10 (PHP), 5.5.12 (PHP), 5.5.13 (PHP), 5.5.3 (PHP), 5.5.4 (PHP), 6 (Debian GNU/Linux), 5.5.15 (PHP), 5.5.16 (PHP), 5.5.17 (PHP), 10.04 (Ubuntu), 5.6.0 (PHP), 5.4.5 (PHP), 5.4.4 (PHP), 5.4.28 (PHP), 5.4.27 (PHP), 5.4.26 (PHP), 5.4.2 (PHP), 5.4.19 (PHP), 5.4.13rc1 (PHP), 5.4.13 (PHP), 5.4.9 (PHP), 5.4.8 (PHP), 5.4.32 (PHP), до 5.4.33 включительно (PHP), 5.4.23 (PHP), 5.4.22 (PHP), 5.4.16rc1 (PHP), 5.4.15rc1 (PHP), 5.4.12 (PHP), 5.4.11 (PHP), 5.4.7 (PHP), 5.4.6 (PHP), 5.4.3 (PHP), 5.4.29 (PHP), 5.4.21 (PHP), 5.4.20 (PHP), 5.4.14rc1 (PHP), 5.4.14 (PHP), 5.4.10 (PHP), 5.4.1 (PHP), 5.4.0 (PHP), 5.4.30 (PHP), 5.4.31 (PHP), 5.4.25 (PHP), 5.4.24 (PHP), 5.4.18 (PHP), 5.4.17 (PHP), 5.4.12rc2 (PHP), 5.4.12rc1 (PHP)

Possible Mitigations

Использование рекомендаций: https://bugs.php.net/bug.php?id=68027 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2014-3668 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3668.xml Для Ubuntu: https://ubuntu.com/security/CVE-2014-3668 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2014-3668

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1154503 https://bugs.php.net/bug.php?id=68027 http://php.net/ChangeLog-5.php http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2014-1768.html http://secunia.com/advisories/61982 http://secunia.com/advisories/60699 http://www.ubuntu.com/usn/USN-2391-1 http://rhn.redhat.com/errata/RHSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1767.html http://secunia.com/advisories/60630 http://linux.oracle.com/errata/ELSA-2014-1768.html http://secunia.com/advisories/59967 http://www.debian.org/security/2014/dsa-3064 http://secunia.com/advisories/61763 http://secunia.com/advisories/61970 http://rhn.redhat.com/errata/RHSA-2014-1766.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html https://support.apple.com/HT204659 http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://www.securityfocus.com/bid/70666 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, PHP Group",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.10 (Ubuntu), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.0 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 7 (Debian GNU/Linux), 5.6.1 (PHP), 5.5.0alpha3 (PHP), 5.5.0alpha4 (PHP), 5.5.0rc1 (PHP), 5.5.0rc2 (PHP), 5.5.0 (PHP), 5.5.0beta1 (PHP), 5.5.0beta2 (PHP), 5.5.11 (PHP), 5.5.14 (PHP), 5.5.5 (PHP), 5.5.6 (PHP), 5.5.7 (PHP), 5.5.0alpha1 (PHP), 5.5.0alpha2 (PHP), 5.5.0beta3 (PHP), 5.5.0beta4 (PHP), 5.5.2 (PHP), 5.5.8 (PHP), 5.5.9 (PHP), 5.5.0alpha5 (PHP), 5.5.0alpha6 (PHP), 5.5.1 (PHP), 5.5.10 (PHP), 5.5.12 (PHP), 5.5.13 (PHP), 5.5.3 (PHP), 5.5.4 (PHP), 6 (Debian GNU/Linux), 5.5.15 (PHP), 5.5.16 (PHP), 5.5.17 (PHP), 10.04 (Ubuntu), 5.6.0 (PHP), 5.4.5 (PHP), 5.4.4 (PHP), 5.4.28 (PHP), 5.4.27 (PHP), 5.4.26 (PHP), 5.4.2 (PHP), 5.4.19 (PHP), 5.4.13rc1 (PHP), 5.4.13 (PHP), 5.4.9 (PHP), 5.4.8 (PHP), 5.4.32 (PHP), \u0434\u043e 5.4.33 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PHP), 5.4.23 (PHP), 5.4.22 (PHP), 5.4.16rc1 (PHP), 5.4.15rc1 (PHP), 5.4.12 (PHP), 5.4.11 (PHP), 5.4.7 (PHP), 5.4.6 (PHP), 5.4.3 (PHP), 5.4.29 (PHP), 5.4.21 (PHP), 5.4.20 (PHP), 5.4.14rc1 (PHP), 5.4.14 (PHP), 5.4.10 (PHP), 5.4.1 (PHP), 5.4.0 (PHP), 5.4.30 (PHP), 5.4.31 (PHP), 5.4.25 (PHP), 5.4.24 (PHP), 5.4.18 (PHP), 5.4.17 (PHP), 5.4.12rc2 (PHP), 5.4.12rc1 (PHP)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://bugs.php.net/bug.php?id=68027\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2014-3668\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3668.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2014-3668\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2014-3668",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.10.2014",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02643",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2014-3668",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, OpenSUSE Leap, Debian GNU/Linux, PHP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.10 , Red Hat Inc. Red Hat Enterprise Linux 5 , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 12.04 , Novell Inc. OpenSUSE Leap 15.0 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 , Canonical Ltd. Ubuntu 10.04 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mkgmtime (libxmlrpc/xmlrpc.c) \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mkgmtime (libxmlrpc/xmlrpc.c) \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430.",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503\nhttps://bugs.php.net/bug.php?id=68027\nhttp://php.net/ChangeLog-5.php\nhttp://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e\nhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html\nhttp://rhn.redhat.com/errata/RHSA-2014-1768.html\nhttp://secunia.com/advisories/61982\nhttp://secunia.com/advisories/60699\nhttp://www.ubuntu.com/usn/USN-2391-1\nhttp://rhn.redhat.com/errata/RHSA-2014-1767.html\nhttp://linux.oracle.com/errata/ELSA-2014-1767.html\nhttp://secunia.com/advisories/60630\nhttp://linux.oracle.com/errata/ELSA-2014-1768.html\nhttp://secunia.com/advisories/59967\nhttp://www.debian.org/security/2014/dsa-3064\nhttp://secunia.com/advisories/61763\nhttp://secunia.com/advisories/61970\nhttp://rhn.redhat.com/errata/RHSA-2014-1766.html\nhttp://rhn.redhat.com/errata/RHSA-2014-1765.html\nhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html\nhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html\nhttps://support.apple.com/HT204659\nhttp://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html\nhttp://www.securityfocus.com/bid/70666\nhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2014-3668 (GCVE-0-2014-3668)

Vulnerability from cvelistv5 – Published: 2014-10-29 10:00 – Updated: 2024-08-06 10:50

Summary

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/59967	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
	http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2014-1767.html	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2391-1	vendor-advisoryx_refsource_UBUNTU
	https://support.apple.com/HT204659	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/61982	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/61763	third-party-advisoryx_refsource_SECUNIA
	https://bugs.php.net/bug.php?id=68027	x_refsource_CONFIRM
	http://linux.oracle.com/errata/ELSA-2014-1767.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2014-1766.html	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2014/dsa-3064	vendor-advisoryx_refsource_DEBIAN
	http://linux.oracle.com/errata/ELSA-2014-1768.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/70666	vdb-entryx_refsource_BID
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://php.net/ChangeLog-5.php	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/61970	third-party-advisoryx_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=1154503	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2014-1765.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2014-1768.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/60699	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/60630	third-party-advisoryx_refsource_SECUNIA

Date Public ?

2014-10-16 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59967"
          },
          {
            "name": "openSUSE-SU-2014:1391",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e"
          },
          {
            "name": "RHSA-2014:1767",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
          },
          {
            "name": "USN-2391-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2391-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "name": "openSUSE-SU-2014:1377",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
          },
          {
            "name": "61982",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61982"
          },
          {
            "name": "61763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61763"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=68027"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
          },
          {
            "name": "RHSA-2014:1766",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
          },
          {
            "name": "DSA-3064",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3064"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
          },
          {
            "name": "70666",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70666"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://php.net/ChangeLog-5.php"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "name": "61970",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61970"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503"
          },
          {
            "name": "openSUSE-SU-2015:0014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
          },
          {
            "name": "RHSA-2014:1765",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
          },
          {
            "name": "RHSA-2014:1768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
          },
          {
            "name": "60699",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60699"
          },
          {
            "name": "60630",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60630"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "59967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59967"
        },
        {
          "name": "openSUSE-SU-2014:1391",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e"
        },
        {
          "name": "RHSA-2014:1767",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
        },
        {
          "name": "USN-2391-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2391-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "name": "openSUSE-SU-2014:1377",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
        },
        {
          "name": "61982",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61982"
        },
        {
          "name": "61763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61763"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=68027"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
        },
        {
          "name": "RHSA-2014:1766",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
        },
        {
          "name": "DSA-3064",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3064"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
        },
        {
          "name": "70666",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70666"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://php.net/ChangeLog-5.php"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "name": "61970",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61970"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503"
        },
        {
          "name": "openSUSE-SU-2015:0014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
        },
        {
          "name": "RHSA-2014:1765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
        },
        {
          "name": "RHSA-2014:1768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
        },
        {
          "name": "60699",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60699"
        },
        {
          "name": "60630",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60630"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3668",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59967"
            },
            {
              "name": "openSUSE-SU-2014:1391",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
            },
            {
              "name": "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e",
              "refsource": "CONFIRM",
              "url": "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e"
            },
            {
              "name": "RHSA-2014:1767",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
            },
            {
              "name": "USN-2391-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2391-1"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "openSUSE-SU-2014:1377",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
            },
            {
              "name": "61982",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61982"
            },
            {
              "name": "61763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61763"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=68027",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=68027"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
            },
            {
              "name": "RHSA-2014:1766",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3064",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3064"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
            },
            {
              "name": "70666",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70666"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "http://php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "url": "http://php.net/ChangeLog-5.php"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "61970",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61970"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503"
            },
            {
              "name": "openSUSE-SU-2015:0014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
            },
            {
              "name": "RHSA-2014:1765",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "name": "RHSA-2014:1768",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
            },
            {
              "name": "60699",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60699"
            },
            {
              "name": "60630",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60630"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3668",
    "datePublished": "2014-10-29T10:00:00.000Z",
    "dateReserved": "2014-05-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T10:50:18.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-02643

CVE-2014-3668 (GCVE-0-2014-3668)

Tags

Sightings

Nomenclature