CVE-2013-4635
Published: 21 June 2013
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
Notes
Author | Note |
---|---|
seth-arnold | codesearch.debian.net shows no callers of this jdtojewish php function. Flaws in PHP itself that allow crashing the interpreter are not in themselves security problems. |
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.5.0)
|
lucid |
Released
(5.3.2-1ubuntu4.20)
|
|
precise |
Released
(5.3.10-1ubuntu3.7)
|
|
quantal |
Released
(5.4.6-1ubuntu1.3)
|
|
raring |
Released
(5.4.9-4ubuntu2.2)
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=4828f7343b3f31d914f4d4a5545865b8a19f7fb6 upstream: http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df0d6195bdce |