PHP OpenSSL Extension X.509 Certificate Parsing Memory Corruption Vulnerability

Last Update Date: 12 Dec 2013 09:51 Release Date: 12 Dec 2013 3042 Views

RISK: High Risk

High Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

A vulnerability was reported in PHP. A remote user can execute arbitrary code on the target system.

 

A remote user can send a specially crafted certificate to trigger a memory corruption flaw in openssl_x509_parse() and execute arbitrary code on the target system. The code will run with the privileges of the target PHP application.

Impact

  • Remote Code Execution

System / Technologies affected

  • PHP versions 5.3.27 and prior, 5.4.22 and prior, and 5.5.6 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Fixed in the source code repository.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

11 Dec 2013 3121 Views

Next

Microsoft Internet Explorer Cumulative Security Update

11 Dec 2013 3058 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY