CVE-2014-2270 – file: out-of-bounds access in search rules with offsets from input file
https://notcve.org/view.php?id=CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. softmagic.c en archivo anterior a 5.17 y libmagic permite a atacantes dependientes de contexto causar una denegación de servicio (acceso a memoria fuera de rango y caída) a través de desplazamientos (“offsets”) manipulados en el softmagic de un ejecutable PE. A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. • http://bugs.gw.com/view.php?id=313 http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://seclists.org/oss-sec/2014/q1/473 http://seclists.org/oss-sec/2014/q1/504 http://seclists.org/oss-sec/2014/q1/505 http://support.apple.com/kb/HT6443 http://www.debian.or • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2013-7327
https://notcve.org/view.php?id=CVE-2013-7327
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. La función gdImageCrop en ext/gd/gd.c en PHP 5.5.x anterior a 5.5.9 no comprueba los valores de retorno, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto no especificado a través de argumentos imagecrop no válidos que conducen al uso de un puntero nulo como valor de retorno, una vulnerabilidad diferente a CVE-2013-7226. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8f4a5373bb71590352fd934028d6dde5bc18530b http://www.ubuntu.com/usn/USN-2126-1 https://bugs.php.net/bug.php?id=66356 https://bugzilla.redhat.com/show_bug.cgi?id=1065108 • CWE-20: Improper Input Validation •
CVE-2014-2020
https://notcve.org/view.php?id=CVE-2014-2020
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. ext/gd/gd.c en PHP 5.5.x anterior a 5.5.9 no comprueba tipos de datos, lo que podría permitir a atacantes remotos obtener información sensible mediante el uso de (1) una cadena o (2) un tipo de dato array en lugar de un tipo de dato numérico, tal y como se demostró mediante la llamada de la función imagecrop con una cadena para el valor de dimensión x, una vulnerabilidad diferente a CVE-2013-7226. • http://www.ubuntu.com/usn/USN-2126-1 https://bugs.php.net/bug.php?id=66356 https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01 • CWE-189: Numeric Errors •
CVE-2012-1171
https://notcve.org/view.php?id=CVE-2012-1171
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. La función libxml RSHUTDOWN en PHP 5.x permite a atacantes remotos evadir el mecanismo de protección de open_basedir y leer archivos arbitrarios a través de vectores que incolucran la llamada del método stream_close durante el uso de un "wrapper" de transmisión personalizado. • https://bugs.php.net/bug.php?id=61367 https://bugzilla.redhat.com/show_bug.cgi?id=802591 https://github.com/php/php-src/blob/master/ext/libxml/tests/bug61367-read.phpt https://github.com/php/php-src/blob/master/ext/libxml/tests/bug61367-write.phpt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-6420 – PHP - 'openssl_x509_parse()' Memory Corruption
https://notcve.org/view.php?id=CVE-2013-6420
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. La función asn1_time_to_time_t en ext / openssl / openssl.c en PHP anterior a 5.3.28, 5.4.x aterior a 5.4.23 y 5.5.x anterior de 5.5.7 no trata correctamente las marcas de tiempo (timestamps) (1) notBefore y (2) notAfter en certificados X 0.509 , lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un certificado manipulado que no está tratado adecuadamente por la función openssl_x509_parse. The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution. • https://www.exploit-db.com/exploits/30395 http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415 http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://rhn.redhat.com/errata/RHSA-2013-1813.html http://rhn.redhat.com/errata/RHSA-2013-1815.html http://rhn.redhat.com/errata/RHSA • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •