Executive Summary

Informations
Name CVE-2014-3668 First vendor Publication 2014-10-29
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28245
 
Oval ID: oval:org.mitre.oval:def:28245
Title: SUSE-SU-2014:1441-1 -- Security update for php53 (moderate)
Description: This update fixes the following vulnerabilities in php: * Heap corruption issue in exif_thumbnail(). (CVE-2014-3670) * Integer overflow in unserialize(). (CVE-2014-3669) * Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime(). (CVE-2014-3668) Security Issues: * CVE-2014-3669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669> * CVE-2014-3670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670> * CVE-2014-3668 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1441-1
CVE-2014-3669
CVE-2014-3670
CVE-2014-3668
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): php53
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 535

Nessus® Vulnerability Scanner

Date Description
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-94.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3117.nasl - Type : ACT_GATHER_INFO
2014-11-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3074.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-645.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-636.nasl - Type : ACT_GATHER_INFO
2014-11-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201411-04.nasl - Type : ACT_GATHER_INFO
2014-11-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3064.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1768.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1767.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-435.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-434.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2391-1.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1768.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1767.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1768.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1767.nasl - Type : ACT_GATHER_INFO
2014-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13031.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd3440953450...
Source Url
APPLE http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BID http://www.securityfocus.com/bid/70666
CONFIRM http://linux.oracle.com/errata/ELSA-2014-1767.html
http://linux.oracle.com/errata/ELSA-2014-1768.html
http://php.net/ChangeLog-5.php
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
https://bugs.php.net/bug.php?id=68027
https://bugzilla.redhat.com/show_bug.cgi?id=1154503
https://support.apple.com/HT204659
DEBIAN http://www.debian.org/security/2014/dsa-3064
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://rhn.redhat.com/errata/RHSA-2014-1767.html
http://rhn.redhat.com/errata/RHSA-2014-1768.html
SECUNIA http://secunia.com/advisories/59967
http://secunia.com/advisories/60630
http://secunia.com/advisories/60699
http://secunia.com/advisories/61763
http://secunia.com/advisories/61970
http://secunia.com/advisories/61982
SUSE http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
UBUNTU http://www.ubuntu.com/usn/USN-2391-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
Date Informations
2024-02-02 01:27:41
  • Multiple Updates
2024-02-01 12:08:14
  • Multiple Updates
2023-11-07 21:45:14
  • Multiple Updates
2023-09-05 12:26:14
  • Multiple Updates
2023-09-05 01:08:07
  • Multiple Updates
2023-09-02 12:26:15
  • Multiple Updates
2023-09-02 01:08:14
  • Multiple Updates
2023-08-12 12:28:34
  • Multiple Updates
2023-08-12 01:07:44
  • Multiple Updates
2023-08-11 12:24:22
  • Multiple Updates
2023-08-11 01:07:56
  • Multiple Updates
2023-08-06 12:23:41
  • Multiple Updates
2023-08-06 01:07:43
  • Multiple Updates
2023-08-04 12:23:44
  • Multiple Updates
2023-08-04 01:07:47
  • Multiple Updates
2023-07-14 12:23:43
  • Multiple Updates
2023-07-14 01:07:46
  • Multiple Updates
2023-03-29 01:25:34
  • Multiple Updates
2023-03-28 12:08:06
  • Multiple Updates
2022-10-11 12:21:25
  • Multiple Updates
2022-10-11 01:07:54
  • Multiple Updates
2021-05-04 12:32:24
  • Multiple Updates
2021-04-22 01:39:33
  • Multiple Updates
2020-05-23 01:52:15
  • Multiple Updates
2020-05-23 00:41:11
  • Multiple Updates
2019-06-08 12:06:12
  • Multiple Updates
2018-10-03 12:04:16
  • Multiple Updates
2018-03-12 12:01:07
  • Multiple Updates
2016-10-18 12:03:54
  • Multiple Updates
2016-10-05 01:01:40
  • Multiple Updates
2016-08-30 13:21:27
  • Multiple Updates
2016-06-28 22:52:29
  • Multiple Updates
2016-05-20 13:27:35
  • Multiple Updates
2016-05-18 13:27:58
  • Multiple Updates
2016-04-27 00:53:55
  • Multiple Updates
2016-04-26 13:27:45
  • Multiple Updates
2016-04-16 13:27:08
  • Multiple Updates
2015-12-05 13:26:36
  • Multiple Updates
2015-06-25 13:28:23
  • Multiple Updates
2015-05-21 00:27:35
  • Multiple Updates
2015-05-19 21:28:32
  • Multiple Updates
2015-05-14 21:27:57
  • Multiple Updates
2015-05-14 09:26:36
  • Multiple Updates
2015-04-24 00:26:37
  • Multiple Updates
2015-04-22 00:26:16
  • Multiple Updates
2015-04-21 09:25:09
  • Multiple Updates
2015-04-18 09:26:08
  • Multiple Updates
2015-04-14 09:27:29
  • Multiple Updates
2015-04-11 13:28:45
  • Multiple Updates
2015-03-27 13:28:17
  • Multiple Updates
2014-11-20 09:23:13
  • Multiple Updates
2014-11-19 13:25:10
  • Multiple Updates
2014-11-19 09:23:48
  • Multiple Updates
2014-11-14 13:28:10
  • Multiple Updates
2014-11-13 13:27:04
  • Multiple Updates
2014-11-12 13:27:12
  • Multiple Updates
2014-11-11 13:25:57
  • Multiple Updates
2014-11-06 13:28:20
  • Multiple Updates
2014-11-05 13:27:55
  • Multiple Updates
2014-11-04 13:27:31
  • Multiple Updates
2014-11-01 13:26:40
  • Multiple Updates
2014-10-30 13:24:47
  • Multiple Updates
2014-10-29 21:23:38
  • Multiple Updates
2014-10-29 17:22:48
  • First insertion