CVE-2013-6712

Priority
Description
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through
5.5.6 does not properly restrict creation of DateInterval objects, which
might allow remote attackers to cause a denial of service (heap-based
buffer over-read) via a crafted interval specification.
Assigned-to
mdeslaur
Notes
More Information

Updated: 2020-03-18 22:14:03 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)