CVE-2013-6420

Priority
Description
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse
(1) notBefore and (2) notAfter timestamps in X.509 certificates, which
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption) via a crafted certificate that is not properly
handled by the openssl_x509_parse function.
Assigned-to
mdeslaur
Notes
More Information

Updated: 2020-03-18 22:13:54 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)