cve/CVE-2014-3668.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.

POC

Reference

http://linux.oracle.com/errata/ELSA-2014-1768.html
http://www.ubuntu.com/usn/USN-2391-1
https://hackerone.com/reports/104011

Github

https://github.com/Hwangtaewon/radamsa
https://github.com/StephenHaruna/RADAMSA
https://github.com/nqwang/radamsa
https://github.com/sambacha/mirror-radamsa
https://github.com/sunzu94/radamsa-Fuzzer

1.1 KiB Raw Blame History

CVE-2014-3668

Description

POC

Reference

Github

1.1 KiB

Raw Blame History