Name: CVE-2013-6712 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20131108 Category: Reference: MISC:https://bugs.php.net/bug.php?id=66060 Reference: CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. Reproducible: Steps to Reproduce:
Moving this to Bug 11947. *** This bug has been marked as a duplicate of bug 11947 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE