CVE-2014-3668: Buffer Overflow
First published: Mon Oct 20 2014(Updated: )
An out-of-bounds read flaw was found in PHP's mkgmtime() function. This could possibly cause the PHP interpreter to crash. This issue has been fixed in upstream versions 5.4.34, 5.5.18, and 5.6.2. References: <a href="http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e">http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e</a> <a href="https://bugs.php.net/bug.php?id=68027">https://bugs.php.net/bug.php?id=68027</a> <a href="http://php.net/ChangeLog-5.php">http://php.net/ChangeLog-5.php</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP PHP | <=5.4.33 | |
| PHP PHP | =5.4.0 | |
| PHP PHP | =5.4.1 | |
| PHP PHP | =5.4.2 | |
| PHP PHP | =5.4.3 | |
| PHP PHP | =5.4.4 | |
| PHP PHP | =5.4.5 | |
| PHP PHP | =5.4.6 | |
| PHP PHP | =5.4.7 | |
| PHP PHP | =5.4.8 | |
| PHP PHP | =5.4.9 | |
| PHP PHP | =5.4.10 | |
| PHP PHP | =5.4.11 | |
| PHP PHP | =5.4.12 | |
| PHP PHP | =5.4.12-rc1 | |
| PHP PHP | =5.4.12-rc2 | |
| PHP PHP | =5.4.13 | |
| PHP PHP | =5.4.13-rc1 | |
| PHP PHP | =5.4.14 | |
| PHP PHP | =5.4.14-rc1 | |
| PHP PHP | =5.4.15-rc1 | |
| PHP PHP | =5.4.16-rc1 | |
| PHP PHP | =5.4.17 | |
| PHP PHP | =5.4.18 | |
| PHP PHP | =5.4.19 | |
| PHP PHP | =5.4.20 | |
| PHP PHP | =5.4.21 | |
| PHP PHP | =5.4.22 | |
| PHP PHP | =5.4.23 | |
| PHP PHP | =5.4.24 | |
| PHP PHP | =5.4.25 | |
| PHP PHP | =5.4.26 | |
| PHP PHP | =5.4.27 | |
| PHP PHP | =5.4.28 | |
| PHP PHP | =5.4.29 | |
| PHP PHP | =5.4.30 | |
| PHP PHP | =5.4.31 | |
| PHP PHP | =5.4.32 | |
| PHP PHP | =5.5.0 | |
| PHP PHP | =5.5.0-alpha1 | |
| PHP PHP | =5.5.0-alpha2 | |
| PHP PHP | =5.5.0-alpha3 | |
| PHP PHP | =5.5.0-alpha4 | |
| PHP PHP | =5.5.0-alpha5 | |
| PHP PHP | =5.5.0-alpha6 | |
| PHP PHP | =5.5.0-beta1 | |
| PHP PHP | =5.5.0-beta2 | |
| PHP PHP | =5.5.0-beta3 | |
| PHP PHP | =5.5.0-beta4 | |
| PHP PHP | =5.5.0-rc1 | |
| PHP PHP | =5.5.0-rc2 | |
| PHP PHP | =5.5.1 | |
| PHP PHP | =5.5.2 | |
| PHP PHP | =5.5.3 | |
| PHP PHP | =5.5.4 | |
| PHP PHP | =5.5.5 | |
| PHP PHP | =5.5.6 | |
| PHP PHP | =5.5.7 | |
| PHP PHP | =5.5.8 | |
| PHP PHP | =5.5.9 | |
| PHP PHP | =5.5.10 | |
| PHP PHP | =5.5.11 | |
| PHP PHP | =5.5.12 | |
| PHP PHP | =5.5.13 | |
| PHP PHP | =5.5.14 | |
| PHP PHP | =5.5.15 | |
| PHP PHP | =5.5.16 | |
| PHP PHP | =5.5.17 | |
| PHP PHP | =5.6.0 | |
| PHP PHP | =5.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e
- http://linux.oracle.com/errata/ELSA-2014-1767.html
- http://linux.oracle.com/errata/ELSA-2014-1768.html
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html
- http://rhn.redhat.com/errata/RHSA-2014-1767.html
- http://rhn.redhat.com/errata/RHSA-2014-1768.html
- http://secunia.com/advisories/59967
- http://secunia.com/advisories/60630
- http://secunia.com/advisories/60699
- http://secunia.com/advisories/61763
- http://secunia.com/advisories/61970
- http://secunia.com/advisories/61982
- http://www.debian.org/security/2014/dsa-3064
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.securityfocus.com/bid/70666
- http://www.ubuntu.com/usn/USN-2391-1
- https://bugs.php.net/bug.php?id=68027
- https://bugzilla.redhat.com/show_bug.cgi?id=1154503
- https://support.apple.com/HT204659
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e
- https://rhn.redhat.com/errata/RHSA-2014-1768.html
- https://rhn.redhat.com/errata/RHSA-2014-1766.html
- https://rhn.redhat.com/errata/RHSA-2014-1765.html
- https://rhn.redhat.com/errata/RHSA-2014-1767.html
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-3668
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/remedy
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- vendor/php
- canonical/php php
- version/php php/5.4.33
- version/php php/5.4.0
- version/php php/5.4.1
- version/php php/5.4.2
- version/php php/5.4.3
- version/php php/5.4.4
- version/php php/5.4.5
- version/php php/5.4.6
- version/php php/5.4.7
- version/php php/5.4.8
- version/php php/5.4.9
- version/php php/5.4.10
- version/php php/5.4.11
- version/php php/5.4.12
- version/php php/5.4.12-rc1
- version/php php/5.4.12-rc2
- version/php php/5.4.13
- version/php php/5.4.13-rc1
- version/php php/5.4.14
- version/php php/5.4.14-rc1
- version/php php/5.4.15-rc1
- version/php php/5.4.16-rc1
- version/php php/5.4.17
- version/php php/5.4.18
- version/php php/5.4.19
- version/php php/5.4.20
- version/php php/5.4.21
- version/php php/5.4.22
- version/php php/5.4.23
- version/php php/5.4.24
- version/php php/5.4.25
- version/php php/5.4.26
- version/php php/5.4.27
- version/php php/5.4.28
- version/php php/5.4.29
- version/php php/5.4.30
- version/php php/5.4.31
- version/php php/5.4.32
- version/php php/5.5.0
- version/php php/5.5.0-alpha1
- version/php php/5.5.0-alpha2
- version/php php/5.5.0-alpha3
- version/php php/5.5.0-alpha4
- version/php php/5.5.0-alpha5
- version/php php/5.5.0-alpha6
- version/php php/5.5.0-beta1
- version/php php/5.5.0-beta2
- version/php php/5.5.0-beta3
- version/php php/5.5.0-beta4
- version/php php/5.5.0-rc1
- version/php php/5.5.0-rc2
- version/php php/5.5.1
- version/php php/5.5.2
- version/php php/5.5.3
- version/php php/5.5.4
- version/php php/5.5.5
- version/php php/5.5.6
- version/php php/5.5.7
- version/php php/5.5.8
- version/php php/5.5.9
- version/php php/5.5.10
- version/php php/5.5.11
- version/php php/5.5.12
- version/php php/5.5.13
- version/php php/5.5.14
- version/php php/5.5.15
- version/php php/5.5.16
- version/php php/5.5.17
- version/php php/5.6.0
- version/php php/5.6.1
- package-manager/redhat