CVE-2014-8626 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php
Redhat	Enterprise Linux Rhel Els

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php:5.2.0:::::::*
	cpe:2.3:a:php:php:5.2.1:::::::*
	cpe:2.3:a:php:php:5.2.2:::::::*
	cpe:2.3:a:php:php:5.2.3:::::::*
	cpe:2.3:a:php:php:5.2.4:::::::*
	cpe:2.3:a:php:php:5.2.5:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4 Extended Lifecycle Support
php-0:4.3.9-3.38.el4	cpe:/o:redhat:rhel_els:4	RHSA-2014:1825	2014-11-06T00:00:00Z
Red Hat Enterprise Linux 5
php-0:5.1.6-45.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2014:1824	2014-11-06T00:00:00Z

References

Link	Providers
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db
http://openwall.com/lists/oss-security/2014/11/06/3
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2014-1824.html
http://rhn.redhat.com/errata/RHSA-2014-1825.html
http://www.securityfocus.com/bid/70928
https://bugs.php.net/bug.php?id=45226
https://bugzilla.redhat.com/show_bug.cgi?id=1155607
https://nvd.nist.gov/vuln/detail/CVE-2014-8626
https://www.cve.org/CVERecord?id=CVE-2014-8626

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-11-23T02:00:00

Updated: 2024-08-06T13:26:01.624Z

Reserved: 2014-11-06T00:00:00

Link: CVE-2014-8626

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-11-23T02:59:00.087

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-8626

Redhat

Severity : Critical

Publid Date: 2014-11-05T00:00:00Z

Links: CVE-2014-8626 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-28T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2014:1824", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=45226"}, {"name": "RHSA-2014:1825", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1825.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155607"}, {"name": "70928", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70928"}, {"name": "[oss-security] 20141106 Re: CVE request: PHP xmlrpc date_from_ISO8601() buffer overflow (in php < 5.2.7)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/11/06/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8626", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2014:1824", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"}, {"name": "https://bugs.php.net/bug.php?id=45226", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=45226"}, {"name": "RHSA-2014:1825", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1825.html"}, {"name": "http://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db", "refsource": "CONFIRM", "url": "http://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db"}, {"name": "http://php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://php.net/ChangeLog-5.php"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155607", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155607"}, {"name": "70928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70928"}, {"name": "[oss-security] 20141106 Re: CVE request: PHP xmlrpc date_from_ISO8601() buffer overflow (in php < 5.2.7)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/11/06/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:26:01.624Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2014:1824", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=45226"}, {"name": "RHSA-2014:1825", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1825.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155607"}, {"name": "70928", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70928"}, {"name": "[oss-security] 20141106 Re: CVE request: PHP xmlrpc date_from_ISO8601() buffer overflow (in php < 5.2.7)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/11/06/3"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8626", "datePublished": "2014-11-23T02:00:00", "dateReserved": "2014-11-06T00:00:00", "dateUpdated": "2024-08-06T13:26:01.624Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FCD404F-54C5-4DFF-ABC3-F0745C5BC96F", "versionEndIncluding": "5.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n date_from_ISO8601 en ext/xmlrpc/libxmlrpc/xmlrpc.c en PHP anterior a 5.2.7 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario mediante la inclusi\u00f3n de un campo de zona horaria en una fecha, que conlleva a una codificaci\u00f3n XML-RPC indebida."}], "id": "CVE-2014-8626", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-23T02:59:00.087", "references": [{"source": "secalert@redhat.com", "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2014/11/06/3"}, {"source": "secalert@redhat.com", "url": "http://php.net/ChangeLog-5.php"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1825.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/70928"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugs.php.net/bug.php?id=45226"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/11/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://php.net/ChangeLog-5.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1825.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugs.php.net/bug.php?id=45226"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155607"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1825", "cpe": "cpe:/o:redhat:rhel_els:4", "package": "php-0:4.3.9-3.38.el4", "product_name": "Red Hat Enterprise Linux 4 Extended Lifecycle Support", "release_date": "2014-11-06T00:00:00Z"}, {"advisory": "RHSA-2014:1824", "cpe": "cpe:/o:redhat:enterprise_linux:5", "impact": "important", "package": "php-0:5.1.6-45.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-11-06T00:00:00Z"}], "bugzilla": {"description": "php: xmlrpc ISO8601 date format parsing buffer overflow", "id": "1155607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155607"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.", "A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash or execute arbitrary code with the privileges of the user running that PHP application."], "name": "CVE-2014-8626", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "php54-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "php55-php", "product_name": "Red Hat Software Collections"}], "public_date": "2014-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8626\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8626"], "statement": "This issue did not affect php53 packages in Red Hat Enterprise Linux 5, php packages in Red Hat Enterprise Linux 6 and 7, and php54-php and php55-php packages in Red Hat Software Collections 1.", "threat_severity": "Critical"}