Vulnerability Details : CVE-2013-6712
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
Vulnerability category: Overflow; Denial of service
Threat overview for CVE-2013-6712
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2013-6712: 216,552
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-6712
- Probability of exploitation activity in the next 30 days: 58.97%
- Percentile (proportion of vulnerabilities scored at or below this one): ~97%
CVSS scores for CVE-2013-6712
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST
CWE ids for CVE-2013-6712
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2013-6712
- https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 (HP Support: Technical Help and Troubleshooting) [Third Party Advisory]
- http://www.ubuntu.com/usn/USN-2055-1 (USN-2055-1: PHP vulnerabilities, Ubuntu security notices) [Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html (openSUSE-SU-2013:1963-1: moderate: update for php5) [Mailing List; Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2014-1765.html (RHSA-2014:1765, Red Hat Security Advisory) [Third Party Advisory]
- https://support.apple.com/HT204659 (About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004) [Third Party Advisory]
- https://bugs.php.net/bug.php?id=66060 (PHP Bug #66060: Heap buffer over-read in DateInterval) [Issue Tracking; Patch; Vendor Advisory]
- http://www.debian.org/security/2013/dsa-2816 (Debian Security Information: DSA-2816-1 php5) [Third Party Advisory]
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (Apple security-announce mailing list) [Mailing List; Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html (openSUSE-SU-2013:1964-1: moderate: update for php5) [Mailing List; Third Party Advisory]
- http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071 (Git: php-src.git commit) [Patch; Vendor Advisory]
Products affected by CVE-2013-6712
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*