FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php5 -- Denial of Service in php_date_parse_tzfile()

Affected packages
5.2 <= php5 < 5.2.17_11
5.3 <= php5 < 5.3.9
php52 < 5.2.17_11
php53 < 5.3.9

Details

VuXML ID: 9b2a5e88-02b8-11e2-92d1-000d601460a4
Discovery: 2010-12-08
Entry: 2012-09-19

MITRE CVE team reports:

Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.

References

CVE Name: CVE-2012-0789
URL: https://bugs.php.net/bug.php?id=53502
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0789