Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1353

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1353
Last Modified 30 Mar 2015 03:15:10
Published 30 Mar 2015 06:59:09
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1353

Summary

Multiple integer overflows in the calendar extension in PHP through 5.6.7 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted year value to (1) the GregorianToSdn function in gregor.c or (2) the JulianToSdn function in julian.c, as demonstrated by a crafted third argument to the gregoriantojd or juliantojd function.

Vulnerable Systems

Application

  • Php 5.6.7


References

MISC - https://github.com/MegaManSec/php-src/commit/a538d2f5605798422f2746636ecdc300f8ebcaa1

MLIST - [oss-security] 20150124 Re: CVE Request: PHP int overflow


Last Updated: 27 May 2016 11:08:14