CVE-2013-6420

HIGH

Description

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

ID	Name	Product	Family	Severity
124998	EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1545)	Nessus	Huawei Local Security Checks	critical
102079	Juniper Junos PHP multiple vulnerabilities (JSA10804)	Nessus	Junos Local Security Checks	high
83607	SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0064-1)	Nessus	SuSE Local Security Checks	high
80737	Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)	Nessus	Solaris Local Security Checks	high
78987	RHEL 5 : php53 (RHSA-2013:1825)	Nessus	Red Hat Local Security Checks	high
78986	RHEL 5 / 6 : php (RHSA-2013:1824)	Nessus	Red Hat Local Security Checks	high
78090	HP System Management Homepage < 7.4 Multiple Vulnerabilities	Nessus	Web Servers	high
77455	GLSA-201408-11 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
74876	openSUSE Security Update : php5 (openSUSE-SU-2013:1963-1)	Nessus	SuSE Local Security Checks	high
8138	Mac OS X < 10.9.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
72688	Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)	Nessus	MacOS X Local Security Checks	critical
72687	Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
72082	Mandriva Linux Security Advisory : php (MDVSA-2014:014)	Nessus	Mandriva Local Security Checks	high
71965	SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684)	Nessus	SuSE Local Security Checks	high
71964	SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8710)	Nessus	SuSE Local Security Checks	high
71931	Slackware 14.0 / 14.1 / current : php (SSA:2014-013-03)	Nessus	Slackware Local Security Checks	high
71576	Amazon Linux AMI : php55 (ALAS-2013-264)	Nessus	Amazon Linux Local Security Checks	high
71575	Amazon Linux AMI : php54 (ALAS-2013-263)	Nessus	Amazon Linux Local Security Checks	high
71574	Amazon Linux AMI : php (ALAS-2013-262)	Nessus	Amazon Linux Local Security Checks	high
71552	Fedora 18 : php-5.4.23-1.fc18 (2013-23215)	Nessus	Fedora Local Security Checks	high
71549	Fedora 20 : php-5.5.7-1.fc20 (2013-23164)	Nessus	Fedora Local Security Checks	high
71451	FreeBSD : PHP5 -- memory corruption in openssl_x509_parse() (47b4e713-6513-11e3-868f-0025905a4771)	Nessus	FreeBSD Local Security Checks	high
71428	PHP 5.5.x < 5.5.7 OpenSSL openssl_x509_parse() Memory Corruption	Nessus	CGI abuses	high
71427	PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption	Nessus	CGI abuses	high
71426	PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities	Nessus	CGI abuses	high
71402	Debian DSA-2816-1 : php5 - several vulnerabilities	Nessus	Debian Local Security Checks	high
71394	Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : php5 vulnerabilities (USN-2055-1)	Nessus	Ubuntu Local Security Checks	high
71386	Fedora 19 : php-5.5.7-1.fc19 (2013-23208)	Nessus	Fedora Local Security Checks	high
71373	Scientific Linux Security Update : php on SL5.x i386/x86_64 (20131211)	Nessus	Scientific Linux Local Security Checks	critical
71372	Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20131211)	Nessus	Scientific Linux Local Security Checks	high
71367	Oracle Linux 5 : php (ELSA-2013-1814)	Nessus	Oracle Linux Local Security Checks	critical
71356	CentOS 5 : php (CESA-2013:1814)	Nessus	CentOS Local Security Checks	critical
71355	CentOS 5 / 6 : php / php53 (CESA-2013:1813)	Nessus	CentOS Local Security Checks	high
71337	RHEL 5 : php (RHSA-2013:1814)	Nessus	Red Hat Local Security Checks	critical
71336	RHEL 5 / 6 : php53 and php (RHSA-2013:1813)	Nessus	Red Hat Local Security Checks	high
71334	Oracle Linux 5 / 6 : php / php53 (ELSA-2013-1813)	Nessus	Oracle Linux Local Security Checks	high

CVE-2013-6420

Description

References

Details

Risk Information

CVSS v2.0